CVE-2026-15720 in Open5GS
Summary
by MITRE • 07/14/2026
In Open5GS through version 2.7.7 a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler may result in subscriber-wide denial of service.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 07/14/2026
The vulnerability exists within Open5GS version 2.7.7 and earlier, specifically within the Access Management Function (AMF) component of the 5G core network infrastructure. This issue manifests as a heap out-of-bounds read condition in the NAS 5GS mobile identity handler, representing a critical security flaw that can be exploited by malicious actors to disrupt service availability. The vulnerability stems from inadequate input validation and memory management within the mobile identity processing logic, which fails to properly bounds-check data structures during handling of 5G subscriber identifiers.
The technical implementation flaw occurs when the AMF processes mobile identity information received from user equipment or other network components. During this processing, the system attempts to access heap memory locations beyond the allocated buffer boundaries, potentially reading uninitialized or adjacent memory contents. This type of vulnerability falls under CWE-129, which specifically addresses insufficient bounds checking for buffer access operations. The out-of-bounds read can result in unpredictable behavior including program crashes, data corruption, or information disclosure that may reveal sensitive system information.
The operational impact of this vulnerability extends beyond simple service disruption to encompass broader network reliability concerns within 5G infrastructure deployments. An attacker capable of sending malicious mobile identity messages to the affected AMF could trigger the heap out-of-bounds read condition, causing the AMF process to terminate unexpectedly or behave erratically. This leads to subscriber-wide denial of service where legitimate users cannot establish or maintain connectivity to the 5G network services. The vulnerability affects the entire subscriber population connected through the compromised AMF instance, making it particularly dangerous for large-scale deployments where multiple subscribers rely on a single network function.
Network operators face significant challenges in mitigating this vulnerability due to the distributed nature of 5G core networks and the critical role that AMF plays in authentication and session management. The issue requires immediate patching of Open5GS components, with version 2.7.8 and later containing the necessary fixes for memory bounds checking. Organizations should implement network monitoring solutions to detect anomalous mobile identity processing patterns that may indicate exploitation attempts. Security controls such as input validation enforcement and memory protection mechanisms should be strengthened at the AMF interface level, while access controls around NAS message handling must be reinforced to limit potential attack surfaces. The vulnerability also highlights the importance of adhering to secure coding practices and conducting thorough code reviews for network infrastructure components, particularly those handling authentication data in 5G environments where the attack surface continues to expand with evolving standards and protocols.