CVE-2026-8292 Overview
CVE-2026-8292 is a denial of service vulnerability affecting Open5GS releases up to and including version 2.7.7. The flaw resides in the yuarel_parse function within the /lib/sbi/conv.c library, which is part of the Network Repository Function (NRF) component. Attackers can manipulate the hnrf-uri argument to trigger a denial of service condition remotely. The issue is tracked under CWE-404: Improper Resource Shutdown or Release. Public disclosure of the exploit technique has occurred, but the Open5GS project has not yet responded to the upstream issue report.
Critical Impact
Remote attackers with low privileges can disrupt the availability of the Open5GS NRF component, impairing 5G Service-Based Architecture (SBA) signaling within affected deployments.
Affected Products
- Open5GS versions up to and including 2.7.7
- Open5GS NRF (Network Repository Function) component
- Open5GS /lib/sbi/conv.c library leveraging yuarel_parse
Discovery Timeline
- 2026-05-11 - CVE-2026-8292 published to NVD
- 2026-05-14 - Last updated in NVD database
Technical Details for CVE-2026-8292
Vulnerability Analysis
The vulnerability exists in Open5GS, an open source implementation of 5G Core and EPC functions. The defect is located in the yuarel_parse function within the /lib/sbi/conv.c source file, which handles URI parsing for the Service-Based Interface (SBI). The NRF component, responsible for service discovery and registration across 5G network functions, invokes this parser to process the hnrf-uri argument. Improperly handled input to this argument leads to a denial of service condition consistent with CWE-404: Improper Resource Shutdown or Release. Because the NRF is a central control plane element, its disruption can cascade to dependent network functions that rely on it for discovery and registration. The exploit technique has been publicly disclosed through the GitHub Issue #4457 and the VulDB Vulnerability #362589 entries.
Root Cause
The root cause is improper resource handling in the yuarel_parse URI parsing routine. When the function processes a malformed or unexpected hnrf-uri value, it fails to release or manage resources cleanly, causing the NRF process to enter a denial of service state. The parser does not adequately validate the structure of the supplied URI before passing it to subsequent processing steps.
Attack Vector
The attack is conducted over the network against an Open5GS NRF instance. The attacker must possess low-level privileges to submit a crafted hnrf-uri argument to the SBI endpoint. No user interaction is required. Successful exploitation degrades the availability of the NRF, while confidentiality and integrity remain unaffected according to the published CVSS vector. Refer to the Open5GS source repository for the affected code paths.
Detection Methods for CVE-2026-8292
Indicators of Compromise
- Unexpected crashes, restarts, or unresponsiveness of the Open5GS NRF process following SBI traffic from untrusted sources.
- SBI request logs containing malformed or unusual hnrf-uri parameter values directed at the NRF.
- Loss of service registration or discovery functionality among dependent 5G network functions.
Detection Strategies
- Monitor Open5GS NRF process health and restart counters to identify abnormal termination patterns.
- Inspect HTTP/2 SBI traffic for malformed URI parameters submitted to NRF endpoints.
- Correlate NRF availability events with upstream source IPs to identify suspicious clients.
Monitoring Recommendations
- Centralize Open5GS logs and NRF telemetry in a security analytics platform to track anomalies.
- Alert on repeated hnrf-uri parsing errors or crash signatures in the NRF logs.
- Track availability metrics for the 5G control plane and correlate with network-level access logs.
How to Mitigate CVE-2026-8292
Immediate Actions Required
- Restrict network exposure of the Open5GS NRF SBI to trusted 5G core elements only, using firewalls or service mesh policies.
- Enforce mutual TLS and least-privilege access controls on the SBI to limit who can submit hnrf-uri parameters.
- Monitor the Open5GS GitHub Issue #4457 for upstream remediation updates.
Patch Information
No official vendor patch is currently available. The Open5GS project has been notified through the GitHub Issue #4457 but has not yet responded. Operators should track the Open5GS repository for fixes addressing the yuarel_parse function in /lib/sbi/conv.c and apply them once released.
Workarounds
- Place the Open5GS NRF behind a reverse proxy or API gateway that validates hnrf-uri parameter syntax before forwarding requests.
- Apply rate limiting on the SBI interface to reduce the impact of repeated malformed requests.
- Segment the 5G core control plane network so that only authenticated network functions can reach the NRF.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
