1535 matches found

Cvelist
added 2026/01/20 7:56 p.m. | 15 views

CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWT_SECRET_KEY is unset...

EPSS 0.00408
Exploits: 0 | References: 3

CVE
added 2026/01/20 7:56 p.m. | 21 views

CVE-2026-0622

Open5GS WebUI is affected by CVE-2026-0622: by default it uses hard-coded JWT signing keys (the string change-me) when JWT_SECRET_KEY is unset, allowing an unauthenticated network attacker to forge JWTs and gain access to protected WebUI endpoints (notably under /api/db/*). The issue arises from ...

CVSS 6.5 | AI score 5.4 | EPSS 0.00408
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/01/20 7:56 p.m. | 4 views

CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWT_SECRET_KEY is unset...

AI score 5.4 | EPSS 0.00408
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/20 12:29 a.m. | 8 views

CVE-2025-15539

A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly...

CVSS 7.5 | AI score 5.1 | EPSS 0.00684
Exploits: 1 | References: 1

CNNVD
added 2026/01/20 12:0 a.m. | 2 views

Open5GS security vulnerabilities

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Open5GS has a security vulnerability, which stems from the use of a hardcoded JWT signing key...

CVSS 6.5 | AI score 6 | EPSS 0.00408
Exploits: 0 | References: 5

CERT
added 2026/01/20 12:0 a.m. | 8 views

Open5GS WebUI uses a hard-coded secrets including JSON Web Token signing key

Overview: The Open5GS WebUI component contains default hardcoded secrets used for security-sensitive operations, including JSON Web Token (JWT) signing. If these defaults are not changed, an attacker can forge valid authentication tokens and gain administrative access to the WebUI. This can result i...

CVSS 6.5 | AI score 5.7 | EPSS 0.00408
Exploits: 0 | References: 4

OSV
added 2026/01/19 12:15 a.m. | 2 views

CVE-2025-15539

A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly...

CVSS 7.5 | AI score 5.3
Exploits: 0 | References: 7

NVD
added 2026/01/19 12:15 a.m. | 6 views

CVE-2025-15539

A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly...

CVSS 7.5 | EPSS 0.00684
Exploits: 1 | References: 7

CNNVD
added 2026/01/19 12:0 a.m. | 3 views

Open5GS security vulnerabilities

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from a flaw in the sgwcs11handler.c file, specifically the...

CVSS 7.5 | AI score 6.1 | EPSS 0.00684
Exploits: 1 | References: 7

ATTACKERKB
added 2026/01/18 11:32 p.m. | 3 views

CVE-2025-15539

A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly...

CVSS 7.5 | AI score 4.9 | EPSS 0.00684
Exploits: 1 | References: 6

Cvelist
added 2026/01/18 11:32 p.m. | 21 views

CVE-2025-15539 Open5GS sgwc s11-handler.c sgwc_s11_handle_downlink_data_notification_ack denial of service

A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly...

CVSS 6.9 | EPSS 0.00684
Exploits: 1 | References: 7

Vulnrichment
added 2026/01/18 11:32 p.m. | 5 views

CVE-2025-15539 Open5GS sgwc s11-handler.c sgwc_s11_handle_downlink_data_notification_ack denial of service

A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly...

CVSS 6.9 | AI score 5.4 | EPSS 0.00684
Exploits: 1 | References: 7

CVE
added 2026/01/18 11:32 p.m. | 15 views

CVE-2025-15539

Open5GS up to 2.7.6 is affected by a Denial of Service vulnerability in the sgwc component. The issue is in the function sgwc_s11_handle_downlink_data_notification_ack (src/sgwc/s11-handler.c), which can be triggered remotely. The exploit has been publicly disclosed and may be utilized. Red Hat a...

CVSS 7.5 | AI score 6.5 | EPSS 0.00684
Exploits: 1 | References: 7 | Affected Software: 1

RedhatCVE
added 2026/01/18 5:18 p.m. | 11 views

CVE-2025-15532

A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks...

CVSS 7.5 | AI score 6.5 | EPSS 0.0098
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/18 4:22 p.m. | 3 views

CVE-2025-15531

A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwc_bearer_add of the file src/sgwc/context.c. The manipulation leads to reachable assertion. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The...

CVSS 6.9 | AI score 6.7 | EPSS 0.00721
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/18 11:20 a.m. | 2 views

CVE-2025-15530

A vulnerability was determined in Open5GS up to 2.7.6. This affects the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c. Executing a manipulation can lead to reachable assertion. The attack can be executed remotely. The exploit has been publicly...

CVSS 7.5 | AI score 6.7 | EPSS 0.0072
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/17 10:29 p.m. | 10 views

CVE-2025-15529

A vulnerability was found in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been made public a...

CVSS 7.5 | AI score 6.3 | EPSS 0.007
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/17 10:29 p.m. | 10 views

CVE-2025-15528

A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may...

CVSS 7.5 | AI score 6.7 | EPSS 0.00833
Exploits: 1 | References: 1

OSV
added 2026/01/17 5:15 p.m. | 5 views

CVE-2025-15532

A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks...

CVSS 7.5 | AI score 5
Exploits: 0 | References: 12

NVD
added 2026/01/17 5:15 p.m. | 8 views

CVE-2025-15532

A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks...

CVSS 7.5 | EPSS 0.0098
Exploits: 1 | References: 12
