CVEFinder.io

CVE-2026-8743

🔶 medium
🔍 Scan for this CVE
Summary

A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 5746b8576cfceec18ed87eb7d8cf11b1fb4cd8b1. It is suggested to install a patch to address this issue.

CVSS Score
6.3
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-17
First Seen: 2026-05-18
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 39.3% of all 326,604 vulnerabilities in our database.

#198,314
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 18, 2026
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Seungjoon Na (Kookmin University ICSR Lab) Jinha Kim (Kookmin University ICSR Lab) Seungjoon Na (VulDB User) (reporter) Seungjoon Na (VulDB User) (analyst)
SSVC data provided by CISA
Last Modified 2026-05-19
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-266 CWE-285

📦 Affected Products 1

Vendor Product Status Affected Versions
open5gs open5gs Affected
< 2.7.6

🔗 References 7

https://github.com/open5gs/open5gs/
Product
https://github.com/open5gs/open5gs/commit/5746b8576c...
Patch
https://github.com/open5gs/open5gs/issues/4498
Exploit Issue Tracking
https://github.com/open5gs/open5gs/pull/4553
Issue Tracking Patch
https://vuldb.com/submit/814559
Third Party Advisory VDB Entry
https://vuldb.com/vuln/364330
Third Party Advisory VDB Entry
https://vuldb.com/vuln/364330/cti
Permissions Required VDB Entry

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-8728 🔶 medium 4.3 0.1 A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discover... 2026-05-17
CVE-2026-8729 🔶 medium 4.3 0.1 A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c ... 2026-05-17
CVE-2026-8730 🔶 medium 4.3 0.1 A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/s... 2026-05-17
CVE-2026-8731 🔶 medium 4.3 0.1 A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/s... 2026-05-17
CVE-2026-8744 🔶 medium 4.3 0.1 A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf... 2026-05-17
CVE-2026-8745 🔶 medium 4.3 0.1 A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogs_timer_add in t... 2026-05-17
These CVEs affect the same products