Open5GS denial of service vulnerability (CVE-2026-7535)
CVE number = CVE-2026-7535
A vulnerability was found in Open5GS up to 2.7.7.
This affects the function amf_namf_comm_handle_registration_status_update_request in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/{ueContextId}/transfer-update.
Performing a manipulation of the argument ueContextId results in denial of service.
The attack can be initiated remotely.
The exploit has been made public and could be used.
Further details – https://github.com/open5gs/open5gs/issues/4399

I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.
