CVE-2026-10565
3.1 LOWA security flaw has been discovered in Open5GS up to 2.7.6
Published: 2026-06-02 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 3.1 LOW
- Vector
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
- CWE
- CWE-362
Description
A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10565
- [Other]https://github.com/open5gs/open5gs/
- [Other]https://github.com/open5gs/open5gs/issues/4497
- [Other]https://github.com/open5gs/open5gs/pull/4501
- [Other]https://github.com/user-attachments/files/27111025/N2-SMC-Concurrent.zip
- [Other]https://vuldb.com/cve/CVE-2026-10565
- [Other]https://vuldb.com/submit/818938
- [Other]https://vuldb.com/vuln/367672
- [Other]https://vuldb.com/vuln/367672/cti
Related CVEs
Same CWE
- CVE-2026-46693 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.1 MEDIUM)
- CVE-2026-44693 — Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker (8.8 HIGH)
- CVE-2022-26758 — A malicious application may cause unexpected changes in memory shared between processes (7.1 HIGH)
- CVE-2026-1220 — Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page (7.5 HIGH)
- CVE-2026-45603 — Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally (7.0 HIGH)