CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

ASB-A-460779368

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

PT-2026-45576

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

CVE-2026-5708

CVE-2026-5708 concerns AWS Research and Engineering Studio (RES) prior to version 2026.03, where the session creation component allows unsanitized control of user-modifiable attributes. An authenticated remote user could escalate privileges, assume the virtual desktop host instance profile permis...

CVE-2026-5708 Improper Control of User-Modifiable Attributes in RES CreateSession API

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio RES prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...

CVE-2026-0023

In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0023

PT-2026-4689 and related PT-security entries list CVE-2026-0023 as part of upcoming patch previews (High risk category). The provided documents do not include detailed technical description, affected product/vendor, root cause, impact, or a fix for CVE-2026-0023. Actionable specifics beyond its p...

CVE-2026-2524

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...

CVE-2026-2524

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...

CVE-2026-2524 Open5GS MME mme_s11_handle_create_session_response denial of service

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...

CVE-2026-2524 Open5GS MME mme_s11_handle_create_session_response denial of service

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...

CVE-2026-2524

CVE-2026-2524 affects Open5GS 2.7.6, specifically the MME function mme_s11_handle_create_session_response. The issue is a manipulation in this function that leads to a denial of service, with remote exploitation reported. Exploit code has been published and may be used. The affected project (Open...

CVE-2026-2524

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...

EUVD-2026-6141

A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwcs5chandlecreatesessionresponse of the component SGW-C. Executing a manipulation can lead to memory corruption. The attack may be performed from remote. The exploit has been made available to the public and...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Version 2.7.6 of Open5GS contains a security vulnerability. This vulnerability stems from incorrect operations on the function mmes11handlecreatesessionresponse in the...

CVE-2026-2521

A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwcs5chandlecreatesessionresponse of the component SGW-C. Executing a manipulation can lead to memory corruption. The attack may be performed from remote. The exploit has been made available to the public and...

CVE-2026-2521

A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwcs5chandlecreatesessionresponse of the component SGW-C. Executing a manipulation can lead to memory corruption. The attack may be performed from remote. The exploit has been made available to the public and...

CVE-2026-2521 Open5GS SGW-C sgwc_s5c_handle_create_session_response memory corruption

A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwcs5chandlecreatesessionresponse of the component SGW-C. Executing a manipulation can lead to memory corruption. The attack may be performed from remote. The exploit has been made available to the public and...