CVE-2026-2521 · CRITICAL 9.8 · EPSS p47.5%

Description

A weakness has been identified in Open5GS up to 2.7.6. It affects the function sgwc_s5c_handle_create_session_response of the SGW-C component. Manipulation can lead to memory corruption. The attack can be performed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not yet responded.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.68% probability of exploitation · percentile 47.5% · 2026-06-18T12:00:27Z
Published: 2026-02-15
Last modified: 2026-02-18

Underlying weaknesses · 1

CWE-119

References

  1. https://github.com/open5gs/open5gs/
  2. https://github.com/open5gs/open5gs/issues/4282
  3. https://github.com/open5gs/open5gs/issues/4282#issue-3807902188
  4. https://vuldb.com/?ctiid.346109
  5. https://vuldb.com/?id.346109
  6. https://vuldb.com/?submit.738334

Type | Target | Confidence | Tier
Weakness | Improper Restriction of Operations within the Bounds of a Memory Buffer (cwe-119) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-2522
CVE: CVE-2026-10117
CVE: CVE-2026-10565
CVE: CVE-2026-10114
CVE: CVE-2025-15555
CVE: CVE-2026-10115

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.