Out-of-Bounds Read Vulnerability in Open5GS by Open5GS
CVE-2026-8186

6.9MEDIUM

Key Information:

Vendor

Open5GS

Status
Open5gs
Vendor
CVE Published:
9 May 2026

What is CVE-2026-8186?

A vulnerability has been identified in Open5GS affecting versions up to 2.7.7, specifically in the function ogs_sbi_client_send_via_scp_or_sepp within lib/sbi/client.c of the NF component. This vulnerability allows for an out-of-bounds read, which can be exploited remotely, potentially leading to data leakage or disruption of service. Users are advised to apply the patch identified by commit d5bc487fcf9ea87d2b03f2ef95123af344773bfb to mitigate the risk associated with this issue.

Affected Version(s)

Open5GS 2.7.0

Open5GS 2.7.1

Open5GS 2.7.2

References

https://vuldb.com/vuln/362338
vdb-entrytechnical-description
https://vuldb.com/vuln/362338/cti
signaturepermissions-required
https://vuldb.com/submit/800024
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0wln3d (VulDB User)
.