CVE-2026-2524 MEDIUM

CVE-2026-2524: Open5GS MME mme_s11_handle_create_session_response denial of service

Vendor N/A
Product Open5GS
Weakness CWE-404
Published February 16, 2026
Last update February 23, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

A flaw has been found in Open5GS 2.7.6. The affected element is the function mme_s11_handle_create_session_response in the MME component. Manipulating it causes a denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Key dates

02 Disclosure timeline

February 16, 2026 CVE published
February 23, 2026 Record updated