CVE-2026-4240
Published: 16 March 2026
Summary
CVE-2026-4240 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 26.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and correction of the specific flaw in Open5GS CCA Handler functions via patching to version 2.7.7, directly eliminating the DoS vulnerability.
Implements organization-defined protections to detect and limit the impact of remote unauthenticated denial-of-service attacks exploiting improper resource handling in the CCA callbacks.
Validates inputs to the vulnerable smf_gx_cca_cb, smf_gy_cca_cb, smf_s6b_aaa_cb, and smf_s6b_sta_cb functions, mitigating manipulation that triggers CWE-404 improper resource shutdown or release.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE describes remote unauthenticated exploitation of a software flaw (CWE-404) in Open5GS SMF handlers that directly causes application-level denial of service via crafted network messages.
NVD Description
A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and…
more
may be utilized. Upgrading to version 2.7.7 is sufficient to fix this issue. Patch name: 80eb484a6ab32968e755e628b70d1a9c64f012ec. Upgrading the affected component is recommended.
Deeper analysisAI
CVE-2026-4240 is a denial-of-service vulnerability affecting Open5GS versions up to and including 2.7.6. The issue resides in the CCA Handler component, specifically within the functions smf_gx_cca_cb, smf_gy_cca_cb, smf_s6b_aaa_cb, and smf_s6b_sta_cb. Manipulation of these functions leads to improper resource handling, classified under CWE-404 (Improper Resource Shutdown or Release). The vulnerability carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating medium severity with low availability impact.
Any unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation disrupts service availability on the affected Open5GS instance, potentially causing partial denial of service without impacting confidentiality or integrity.
Mitigation involves upgrading to Open5GS version 2.7.7, which addresses the issue via commit 80eb484a6ab32968e755e628b70d1a9c64f012ec. Relevant advisories and resources are available in the Open5GS GitHub repository, including the issue tracker (issues/4343) and release notes.
The exploit has been publicly disclosed and may be utilized by attackers.
Details
- CWE(s)