Title: Open5GS SGWC v2.7.6 Denial of Service Vulnerability: Denial of Service (DoS) Product: Open5GS SGWC v2.7.6 Description: - The SGW-C can be forced to abort (SIGABRT / core dumped) by triggering the UpdateBearerResponse handling path associated with a Bearer Resource Command transaction. - The-bearing identifier used for lookup is derived from the S5-C transaction association. If the session/bearer is removed while the Bearer Resource Command/Update Bearer procedure is still in flight, the subsequent UpdateBearerResponse can cause the bearer lookup to return 'NULL'. This results in a remote DoS. CVSS Score: 3.1 (AV:N/AC:L/PR:N/UI:N/S:U:C/N/I/N/A:H) Source: Franky Lin (UID 94345) Source URL: https://github.com/open5gs/open5gs/issues/4269 Submission Date: 01/14/2026 04:11 AM Moderation Status: Duplicate VulDB Entry: 341595