CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 3 days ago•6 views

CVE-2026-10565

Cvelist•added 3 days ago•32 views

CVE-2026-10565 Open5GS NGAP Handover gmm-sm.c gmm_state_security_mode race condition

3.1CVSS0.00041EPSS

CVE•added 3 days ago•10 views

CVE-2026-10565

CVE-2026-10565 affects Open5GS up to 2.7.6, in NGAP Handover’s function gmm_state_security_mode (src/amf/gmm-sm.c). The issue is a race condition caused by manipulation, exploitable remotely with high attack complexity and low likelihood of full compromise; impact includes partial availability. T...

EUVD•added 3 days ago•9 views

EUVD-2026-33871

Vulnrichment•added 3 days ago•6 views

CVE-2026-10565 Open5GS NGAP Handover gmm-sm.c gmm_state_security_mode race condition

Positive Technologies•added 3 days ago•10 views

PT-2026-45683

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm state security mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an...

RedhatCVE•added 2026/05/28 8:13 p.m.•7 views

Exploits0References9

CVE-2026-42082

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command,...

5.4CVSS5.8AI score0.00042EPSS

Snyk•added 2026/05/27 5:34 p.m.•5 views

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...

Snyk•added 2026/05/27 5:34 p.m.•5 views

Improperly Implemented Security Check for Standard

Snyk•added 2026/05/27 5:34 p.m.•6 views

Improperly Implemented Security Check for Standard

Snyk•added 2026/05/27 5:34 p.m.•4 views

Improperly Implemented Security Check for Standard

NVD•added 2026/05/27 5:16 p.m.•9 views

CVE-2026-44474

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending and vice versa. Concurrent...

3.7CVSS0.00018EPSS

Exploits0References1

NVD•added 2026/05/27 5:16 p.m.•11 views

CVE-2026-42082

5.4CVSS0.00042EPSS

NVD•added 2026/05/27 5:16 p.m.•9 views

CVE-2026-42081

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the...

7.1CVSS0.0003EPSS

ATTACKERKB•added 2026/05/27 3:59 p.m.•7 views

CVE-2026-42081

6.1CVSS5.9AI score0.0003EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/05/27 3:59 p.m.•37 views

CVE-2026-42081 free5GC: UE Security Capability bypass on NGAP PathSwitchRequest

6.1CVSS0.0003EPSS

EUVD•added 2026/05/27 3:59 p.m.•5 views

EUVD-2026-32557

6.1CVSS5.9AI score0.0003EPSS

CVE•added 2026/05/27 3:59 p.m.•7 views

CVE-2026-42081

CVE-2026-42081 — free5GC AMF UE Security Capabilities bypass (NGAP PathSwitchRequest) Affected software: free5GC AMF (prior to 4.2.2). What is vulnerable: The AMF does not verify UE security capabilities received in NGAP PathSwitchRequest against locally stored values, allowing a malicious gNB to...

7.1CVSS5.9AI score0.0003EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/05/27 3:59 p.m.•6 views

CVE-2026-42081 free5GC: UE Security Capability bypass on NGAP PathSwitchRequest

6.1CVSS5.9AI score0.0003EPSS