CVE-2026-10157: Open5GS NGAP Improper Authentication Poses Remote Threat
The National Vulnerability Database has identified CVE-2026-10157, a high-severity vulnerability (CVSS 7.3) in Open5GS versions up to 2.7.6. This flaw resides in the src/amf/ngap-handler.c file, specifically within the NGAP PathSwitchRequest Message Handler component. The vulnerability allows for improper authentication, which attackers can exploit remotely.
This isn’t theoretical; an exploit for CVE-2026-10157 is publicly available, meaning active exploitation is a real and present danger. The issue, categorized as CWE-287 (Improper Authentication), underscores a critical weakness that could allow unauthorized access or manipulation within affected Open5GS deployments. The National Vulnerability Database recommends applying the patch identified by a188e36b1741ffc225133f59b1bda4f14d3cb5c immediately.
For defenders, this means a direct path for attackers to bypass authentication in a critical network function. Given Open5GS’s role in 5G core networks, a successful exploit could lead to significant service disruption, data leakage, or unauthorized network access. The remote attack vector and public exploit availability substantially lower the effort an attacker needs, making this a prime target for opportunistic threat actors.
What This Means For You
- If your organization utilizes Open5GS, you need to verify your version immediately. Patching to address CVE-2026-10157 is not optional; it's a critical security imperative to prevent remote improper authentication. Audit your NGAP Message Handler logs for any suspicious activity or unauthorized connection attempts, especially if you're running vulnerable versions.
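A version triage for the check described above, as an added example that is not part of the original advisory or of Open5GS itself. The version-string format (a release number with an optional git-describe suffix), the verdict labels and the sample hosts are assumptions.

```python
import re

# Constructed example, not from the advisory or the Open5GS project.
LAST_AFFECTED = (2, 7, 6)  # "Open5GS versions up to 2.7.6" per the advisory
FIX_COMMIT = "a188e36b1741ffc225133f59b1bda4f14d3cb5c"  # patch id as printed in the advisory

# Assumed format: optional "v", MAJOR.MINOR.PATCH, optional git-describe
# suffix "-<commits since tag>-g<short hash>" for builds from a source tree.
_VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-(\d+)-g([0-9a-f]{7,40}))?")


def triage(version_text):
    """Classify one reported version string against the advisory's range."""
    m = _VERSION.search(version_text)
    if not m:
        return "unknown"  # unparseable: inspect the host by hand
    release = tuple(int(x) for x in m.group(1, 2, 3))
    ahead = int(m.group(4) or 0)  # commits on top of the release tag
    if release > LAST_AFFECTED:
        return "outside-affected-range"
    if ahead == 0:
        return "affected"  # tagged release at or below 2.7.6
    # A source build on top of an affected tag may or may not contain the
    # patch; the version string alone cannot tell.
    return "check-for-fix-commit"


def triage_inventory(inventory):
    """Map host -> verdict for a {host: version string} inventory."""
    return {host: triage(text) for host, text in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; hostnames, versions and hashes are placeholders.
    sample = {
        "amf-lab-1": "Open5GS daemon v2.7.6",
        "amf-lab-2": "Open5GS daemon v2.7.6-41-g0a1b2c3",
        "amf-lab-3": "v2.6.4",
        "amf-lab-4": "Open5GS daemon v2.7.7",
        "amf-lab-5": "built from source",
    }
    for host, verdict in triage_inventory(sample).items():
        print(f"{host}: {verdict}")
    print(f"For check-for-fix-commit hosts, look for {FIX_COMMIT} in the build's source history")
```

A host reported as check-for-fix-commit was built from source on top of an affected release, so only its source history can show whether the patch is included.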
Related ATT&CK Techniques
🛡️ Detection Rules
3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.
CVE-2026-10157: Open5GS NGAP PathSwitchRequest Improper Authentication
```yaml
title: "CVE-2026-10157: Open5GS NGAP PathSwitchRequest Improper Authentication"
id: scw-2026-05-31-ai-1
status: experimental
level: high
description: |
  This rule detects attempts to exploit CVE-2026-10157 in Open5GS by looking for specific HTTP requests targeting the NGAP PathSwitchRequest handler. The vulnerability lies in improper authentication within this component, allowing remote attackers to potentially compromise the system. The presence of '/ngap/pathswitchrequest' in the URI with a POST method is a strong indicator of an attempted exploit.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-10157/
tags:
  - attack.initial_access
  - attack.t1190
# Note: NGAP runs over SCTP (N2 interface), not HTTP; confirm your web server
# logs can actually see this traffic before relying on this rule.
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/ngap/pathswitchrequest'
    cs-method:
      - 'POST'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-10157 | Auth Bypass | Open5GS up to 2.7.6 |
| CVE-2026-10157 | Auth Bypass | Open5GS src/amf/ngap-handler.c |
| CVE-2026-10157 | Auth Bypass | Open5GS NGAP PathSwitchRequest Message Handler |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 31, 2026 at 05:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.