{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-8746","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-05-16T12:38:45.771Z","datePublished":"2026-05-17T10:15:08.674Z","dateUpdated":"2026-05-18T20:07:35.643Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-05-17T10:15:08.674Z"},"title":"Open5GS NRF nghttp2-server.c discover_handler use after free","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-416","lang":"en","description":"Use After Free"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-119","lang":"en","description":"Memory Corruption"}]}],"affected":[{"vendor":"n/a","product":"Open5GS","versions":[{"version":"2.7.0","status":"affected"},{"version":"2.7.1","status":"affected"},{"version":"2.7.2","status":"affected"},{"version":"2.7.3","status":"affected"},{"version":"2.7.4","status":"affected"},{"version":"2.7.5","status":"affected"},{"version":"2.7.6","status":"affected"},{"version":"2.7.7","status":"affected"}],"cpes":["cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*"],"modules":["NRF"]}],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-05-16T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-05-16T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-05-16T14:43:50.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"ZiyuLin (VulDB User)","type":"reporter"},{"lang":"en","value":"VulDB CNA Team","type":"coordinator"}],"references":[{"url":"https://vuldb.com/vuln/364333","name":"VDB-364333 | Open5GS NRF nghttp2-server.c discover_handler use after free","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/vuln/364333/cti","name":"VDB-364333 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/submit/817032","name":"Submit #817032 | Open5GS NRF v2.7.7 Denial of Service","tags":["third-party-advisory"]},{"url":"https://github.com/open5gs/open5gs/issues/4476","tags":["exploit","issue-tracking"]},{"url":"https://github.com/open5gs/open5gs/","tags":["product"]}]},"adp":[{"references":[{"url":"https://vuldb.com/submit/817032","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-18T20:06:33.437890Z","id":"CVE-2026-8746","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-18T20:07:35.643Z"}}]}}