CVE-2026-4988 MEDIUM

CVE-2026-4988: Open5GS CCA Message smf_s6b denial of service

Vendor N/A
Product Open5GS
Weakness CWE-404
Published March 27, 2026
Last update March 30, 2026

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks.

Key dates

02Disclosure timeline

March 27, 2026 CVE published
March 30, 2026 Record updated