Vulnerabilities ›

CVE-2026-8223

Medium

CWE-404 — Weakness Type

                    Published: May 10, 2026                      ·  Modified: May 11, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

🤖 AI Executive Summary

CVE-2026-8223 is a denial of service vulnerability in Open5GS versions up to 2.7.7 affecting the sm-policies endpoint's pcf_sess_sbi_discover_and_send function. The vulnerability can be exploited remotely through manipulation of this function, with public exploits already available.

📄 Description (Arabic)

ثغرة حجب الخدمة في Open5GS تؤثر على مكون سياسات الجلسة (sm-policies) في الإصدارات حتى 2.7.7. يمكن للمهاجمين استغلال وظيفة pcf_sess_sbi_discover_and_send عن بعد لإيقاف الخدمة. تم الإفصاح العام عن الثغرة وتوفر استغلالات عملية لها.

🤖 ملخص تنفيذي (AI)

CVE-2026-8223 هو ثغرة حجب الخدمة في Open5GS الإصدارات حتى 2.7.7 تؤثر على نقطة نهاية sm-policies وظيفة pcf_sess_sbi_discover_and_send. يمكن استغلال الثغرة عن بعد من خلال معالجة هذه الوظيفة، مع توفر استغلالات عامة بالفعل.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 06:18

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom government

🎯 MITRE ATT&CK Techniques

T1499.004 T1561 T1499

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade Open5GS to version 2.7.8 or later when available. Implement network-level access controls to restrict access to the sm-policies endpoint. Monitor for suspicious traffic patterns targeting the pcf_sess_sbi_discover_and_send function. Apply rate limiting and request validation on the affected endpoint.

🔧 خطوات المعالجة (العربية)

قم بترقية Open5GS فوراً إلى الإصدار 2.7.8 أو أحدث عند توفره. طبق عناصر تحكم الوصول على مستوى الشبكة لتقييد الوصول إلى نقطة نهاية sm-policies. راقب أنماط حركة المرور المريبة التي تستهدف وظيفة pcf_sess_sbi_discover_and_send. طبق تحديد معدل التطلب والتحقق من صحة الطلب على نقطة النهاية المتأثرة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1 A.14.2.5

🔵 SAMA CSF

ID.BE-1 PR.DS-1 PR.IP-1 DE.AE-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1 A.14.2.5 A.13.1.1

🔗 References & Sources 5

🔗

https://github.com/open5gs/open5gs/

cna@vuldb.com

🔗

https://github.com/open5gs/open5gs/issues/4438

cna@vuldb.com

🔗

https://vuldb.com/submit/808442

cna@vuldb.com

🔗

https://vuldb.com/vuln/362440

cna@vuldb.com

🔗

https://vuldb.com/vuln/362440/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-404

EPSS0.08%

Exploit No

Patch ✗ No

Published 2026-05-10

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-404

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-8223

💬 Comments

Introduce Yourself

Sign In Required