Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-2524

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 3 weeks ago

Open5GS MME mme_s11_handle_create_session_response denial of service

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mme_s11_handle_create_session_response of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-346112 | Open5GS MME mme_s11_handle_create_session_response denial of service vdb-entrytechnical-description
VDB-346112 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #738369 | Open5GS MME v2.7.6 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/issues/4284 issue-tracking
https://github.com/open5gs/open5gs/issues/4284#issue-3808462406 exploitissue-tracking
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.6

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6
nixos-25.11 2.7.6
- nixos-25.11-small 2.7.6
- nixpkgs-25.11-darwin 2.7.6

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6
nixos-25.11 2.7.6
- nixos-25.11-small 2.7.6
- nixpkgs-25.11-darwin 2.7.6

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>