CVE-2026-1738

5.3 MEDIUM
Denial of Service

📋 TL;DR

CVE-2026-1738 is a reachable assertion vulnerability in Open5GS SGWC component that allows remote attackers to cause denial of service by manipulating PDR arguments. This affects Open5GS deployments up to version 2.7.6. The vulnerability is remotely exploitable and has a published exploit.

💻 Affected Systems

Products:
  • Open5GS
Versions: Up to and including 2.7.6
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects SGWC (Serving Gateway Control Plane) component specifically

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote denial of service causing SGWC component crash and disruption of 5G core network services

🟠

Likely Case

Service disruption through SGWC component crash requiring restart

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring

🌐 Internet-Facing: HIGH - Attack can be executed remotely without authentication
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but with reduced attack surface

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit has been published and manipulation of PDR argument is straightforward

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2.7.6

Vendor Advisory: https://github.com/open5gs/open5gs/issues/4261

Restart Required: Yes

Instructions:

1. Update Open5GS to version after 2.7.6
2. Restart SGWC service
3. Verify the fix by checking version and monitoring logs

🔧 Temporary Workarounds

Network segmentation

linux

Restrict network access to SGWC component to trusted sources only

iptables -A INPUT -p tcp --dport [SGWC_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [SGWC_PORT] -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure to SGWC component
  • Deploy monitoring and alerting for SGWC process crashes or abnormal behavior

🔍 How to Verify

Check if Vulnerable:

Check Open5GS version: open5gs --version | grep '2.7.6' or earlier

Check Version:

open5gs --version

Verify Fix Applied:

Verify version is above 2.7.6 and monitor SGWC logs for stability

📡 Detection & Monitoring

Log Indicators:

  • SGWC process crashes
  • Assertion failures in /src/sgwc/context.c
  • Abnormal PDR manipulation attempts

Network Indicators:

  • Unexpected traffic to SGWC port with malformed PDR data

SIEM Query:

process:open5gs AND (event:crash OR log_message:"assertion fail*")

📊 Metadata

CVE ID: CVE-2026-1738
CVSS v3 Score: 5.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE: CWE-617
Published: February 2, 2026
Last Updated: February 4, 2026

🤖 AI-assisted analysis, reviewed for accuracy

🔗 References

📤 Share This