CVE-2026-10157
7.3 HIGHA vulnerability was identified in Open5GS up to 2.7.6
Published: 2026-05-31 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 7.3 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-287
Description
A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is a188e36b1741ffc2252133f59b1bda4f14d3cb5c. It is suggested to install a patch to address this issue.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10157
- [Other]https://github.com/open5gs/open5gs/
- [Other]https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c
- [Other]https://github.com/open5gs/open5gs/issues/4393
- [Other]https://github.com/open5gs/open5gs/pull/4557
- [Other]https://vuldb.com/cve/CVE-2026-10157
- [Other]https://vuldb.com/submit/818939
- [Other]https://vuldb.com/vuln/367410
- [Other]https://vuldb.com/vuln/367410/cti
Related CVEs
Same CWE
- CVE-2026-48114 — Metacat is data repository software that helps researchers preserve, share, and discover data (9.8 CRITICAL)
- CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
- CVE-2026-50623 — An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF (6.5 MEDIUM)
- CVE-2026-48611 — Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading t... (9.8 CRITICAL)
- CVE-2026-40995 — X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, ... (5.4 MEDIUM)