CVE-2026-10565
LOW
1,3
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
LOW
3,1
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low
LOW
2,1
Source: [email protected]
Access Vector: network
Access Complexity: high
Authentication: single
Confidentiality: none
Integrity: none
Availability: partial
Description
AI Translation Available
A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.
362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
DraftCommon Consequences
Security Scopes Affected:
Availability
Confidentiality
Integrity
Access Control
Potential Impacts:
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Dos: Resource Consumption (Other)
Dos: Crash, Exit, Or Restart
Dos: Instability
Read Files Or Directories
Read Application Data
Execute Unauthorized Code Or Commands
Gain Privileges Or Assume Identity
Bypass Protection Mechanism
Applicable Platforms
Languages:
C, C++, Java
Technologies:
Mobile, ICS/OT
https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/issues/4497
https://github.com/open5gs/open5gs/pull/4501
https://github.com/user-attachments/files/27111025/N2-SMC-Concurrent.zip
https://vuldb.com/cve/CVE-2026-10565
https://vuldb.com/submit/818938
https://vuldb.com/vuln/367672
https://vuldb.com/vuln/367672/cti