ByteOS Network

CVE Vulnerability Details :

CVE-2026-10115

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-30 May, 2026 | 10:15

Updated At-30 May, 2026 | 10:15

▼CVE Numbering Authority (CNA)

Open5GS Shared NF-profile nnrf-handler.c denial of service

A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be used. It is advisable to implement a patch to correct this issue.

Affected Products

Vendor

n/a

Product

Open5GS

CPEs

cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*

Modules

Shared NF-profile Parser

Versions

Affected

2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7

Problem Types

Type	CWE ID	Description
CWE	CWE-404	Denial of Service

Type: CWE

CWE ID: CWE-404

Description: Denial of Service

Metrics

Version	Base score	Base severity	Vector
4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3.0	4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2.0	4.0	N/A	AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Version: 3.0

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Version: 2.0

Base score: 4.0

Base severity: N/A

Vector:

AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Credits

reporter

ZiyuLin (VulDB User)

Timeline

Event	Date
Advisory disclosed	2026-05-29 00:00:00
VulDB entry created	2026-05-29 02:00:00
VulDB entry last update	2026-05-29 19:20:30

Event: Advisory disclosed

Date: 2026-05-29 00:00:00

Event: VulDB entry created

Date: 2026-05-29 02:00:00

Event: VulDB entry last update

Date: 2026-05-29 19:20:30

References

Hyperlink	Resource
https://vuldb.com/vuln/367293	vdb-entry
https://vuldb.com/vuln/367293/cti	signature permissions-required
https://vuldb.com/submit/818583	third-party-advisory
https://github.com/open5gs/open5gs/issues/4469	exploit issue-tracking
https://github.com/open5gs/open5gs/issues/4469#issuecomment-4389805398	issue-tracking
https://github.com/open5gs/open5gs/pull/4527	issue-tracking patch
https://github.com/open5gs/open5gs/	product