Resource Consumption Vulnerability in Open5GS UPF by Open5GS
CVE-2026-8187

6.9MEDIUM

Key Information:

Vendor

Open5GS

Status
Open5gs
Vendor
CVE Published:
9 May 2026

What is CVE-2026-8187?

A vulnerability has been identified in Open5GS UPF versions up to 2.7.7, specifically within the _gtpv1_u_recv_cb function located in the src/upf/gtp-path.c file. This flaw enables an attacker to consume resources, potentially leading to Denial of Service (DoS). The attack can be executed remotely, making it particularly concerning for users and organizations utilizing this software. Despite early notifications of the issue, no official response has been issued by the project.

Affected Version(s)

Open5GS 2.7.0

Open5GS 2.7.1

Open5GS 2.7.2

References

https://vuldb.com/vuln/362339
vdb-entrytechnical-description
https://vuldb.com/vuln/362339/cti
signaturepermissions-required
https://vuldb.com/submit/800025
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0wln3d (VulDB User)
VulDB CNA Team
.