CVE-2026-2062
Published: 06 February 2026
Summary
CVE-2026-2062 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 21.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-2062 is a null pointer dereference vulnerability in Open5GS versions up to and including 2.7.6. It affects the PGW S5U Address Handler component, specifically the functions sgwc_s5c_handle_modify_bearer_response and sgwc_sxa_handle_session_modification_response. The issue, linked to CWE-404 (Improper Resource Shutdown or Release) and CWE-476 (NULL Pointer Dereference), was published on 2026-02-06.
The vulnerability carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating it can be exploited remotely by an unauthenticated attacker with low attack complexity and no user interaction. Successful exploitation triggers a null pointer dereference, resulting in a denial-of-service condition with low availability impact and no effects on confidentiality or integrity.
Mitigation involves applying the patch from commit f1bbd7b57f831e2a070780a7d8d5d4c73babdb59 in the Open5GS GitHub repository, which is the recommended fix. Further details are documented in GitHub issues #4257 and the related comment #3787701521.
An exploit for this vulnerability is publicly available and might be used in attacks.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5621
Vulnerability details
A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. The exploit is publicly available and…
more
might be used. The identifier of the patch is f1bbd7b57f831e2a070780a7d8d5d4c73babdb59. Applying a patch is the recommended action to fix this issue.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Null pointer dereference in network-facing Open5GS component directly enables remote unauthenticated application crash via crafted input, matching T1499.004 Application or System Exploitation for denial-of-service.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely flaw remediation via patches such as commit f1bbd7b to eliminate the null-pointer dereference in the PGW S5U handler.
Explicitly mandates controls that protect against or limit denial-of-service conditions triggered by the remote null dereference.
Requires graceful error handling so that a null pointer in sgwc_s5c_handle_modify_bearer_response does not crash the process.