CVE-2026-14618
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
A denial of service vulnerability was found in the AMF component of Open5GS up to version 2.7.7. The function amf_nnrf_handle_nf_discover in src/amf/nnrf-handler.c can be exploited remotely. The exploit is publicly available.
Risk Assessment
The attack may cause the AMF to become unavailable, disrupting 5G network operations and end-user services.
Recommendation
Apply the patch identified by commit fb5f67703de0213fb9c6e6ef3b48b6c1707e9503 or upgrade Open5GS to a version newer than 2.7.7 immediately.
Original NVD description (English source)
A vulnerability was detected in Open5GS up to 2.7.7. Affected by this vulnerability is the function amf_nnrf_handle_nf_discover of the file src/amf/nnrf-handler.c of the component AMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public and may be used. The patch is identified as fb5f67703de0213fb9c6e6ef3b48b6c1707e9503. It is best practice to apply a patch to resolve this issue.

