3708 matches found
Quality-of-Service Feature Side Channels
Revisions Revision Date| Description ---|--- 2026-05-12| Initial publication...
CVE-2026-8289
A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smfnsmfhandleupdatedatainvsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulation of the argument qosFlowProfile leads to denial of service. Remote exploitation of the attack is...
CVE-2026-8289
Technical details (affected software, root cause, impact, and remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-8288
Open5GS SMF vulnerability CVE-2026-8288 affects the gsm_handle_pdu_session_modification_qos_flow_descriptions function in gsm-handler.c. Input manipulation of n1SmMsg can trigger a denial of service, with remote exploitation and a publicly disclosed exploit. A fix is proposed in a pull request aw...
CVE-2026-8270
A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogsnasparseqosrules of the component SMF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The proje...
PT-2026-39596
A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf nsmf handle update data in vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulation of the argument qosFlowProfile leads to denial of service. Remote exploitation of the attac...
CVE-2026-8251
A vulnerability was found in Open5GS up to 2.7.7. This impacts the function updateauthorizedpccruleandqos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation results in denial of service. The attack is possible to be carried out remotely. The exploit has been made...
CVE-2026-8251 Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service
A vulnerability was found in Open5GS up to 2.7.7. This impacts the function updateauthorizedpccruleandqos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation results in denial of service. The attack is possible to be carried out remotely. The exploit has been made...
CVE-2026-8250 Open5GS SMF n4-build.c smf_n4_build_qos_flow_to_modify_list denial of service
A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smfn4buildqosflowtomodifylist of the file /src/smf/n4-build.c of the component SMF. Such manipulation leads to denial of service. The attack can be executed remotely. The exploit has been disclosed to the public and...
CVE-2026-8249 Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service
A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function updateauthorizedpccruleandqos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation causes denial of service. Remote exploitation of the attack is possible. The exploit has been published and...
CVE-2026-8249
Open5GS up to version 2.7.7 is affected. The vulnerable element is the function update_authorized_pcc_rule_and_qos in file /src/smf/npcf-handler.c (SMF component). The issue allows remote denial of service through manipulation described in the CVE, with exploitation possible and an exploit publis...
PT-2026-39544
Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A remote denial of service issue exists in the SMF component. The flaw is located in the update authorized pcc rule and qos function within the /src/smf/npcf-handler.c file. Manipulation of this...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the updateauthorizedpccruleandqos function in the SMF component...
PT-2026-39542
Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A flaw in the SMF component allows remote attackers to cause a denial of service. The issue exists within the update authorized pcc rule and qos function located in the /src/smf/npcf-handler.c file...
EUVD-2026-28707
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix NULL pointer dereference in updatecpuqosrequest The updatecpuqosrequest function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if the 'policy' is valid. This issu...
Linux Distros Unpatched Vulnerability : CVE-2026-43401
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix NULL pointer dereference in updatecpuqosrequest The...
Cyber Insurance Requirements for Cybersecurity
Cyber Insurance Requirements for Cybersecurity Cyber insurance requirements cybersecurity teams face today are stricter than they were even a few years ago. Underwriters no longer accept a simple security questionnaire and a list of tools. They want evidence that your organization can identify...
Before the Breach, There Was a Test Environment
Key Takeaways Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it are often already sitting in test environments. “Temporary” test infrastructure often becomes permanent, creating persistent misconfigurations...
Root-Cause-Driven Automated Vulnerability Repair
Recent LLM-based systems have made automated vulnerability repair increasingly practical, but two challenges remain. First, without strong signals about where a bug originates, repair agents drift toward shallow edits that silence the observed failure while leaving the underlying defect unresolve...
Generating Proof-Of-Vulnerability Tests to Help Enhance the Security of Complex Software
Developers create modern software applications Apps on top of third-party libraries Libs. When library vulnerabilities are reachable through application code, the applications can be vulnerable to software supply chain attacks. Prior work shows that developers often require concrete and executabl...