Skip to main content

OMEC AMF CVE-2026-8781

| EUVDEUVD-2026-30726 LOW
NULL Pointer Dereference (CWE-476)
2026-05-18 VulDB GHSA-4qf2-p32m-7hmf
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Source Code Evidence Fetched
May 18, 2026 - 02:29 vuln.today
Analysis Generated
May 18, 2026 - 02:29 vuln.today
Severity Changed
May 18, 2026 - 02:22 NVD
MEDIUM LOW
CVSS changed
May 18, 2026 - 02:22 NVD
4.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 2.2.0 is sufficient to resolve this issue. Upgrading the affected component is recommended. The same pull request fixes multiple security issues.

AnalysisAI

Null pointer dereference in OMEC Project AMF versions up to 2.1.3-dev allows remote authenticated attackers to trigger denial of service via crafted NGAP messages to the RANConfiguration function. The vulnerability (CVE-2026-8781) affects the Access and Mobility Management Function component of the Open Mobile Evolved Core, a critical element in 5G networks. Publicly available exploit code exists (GitHub issue #673), but CVSS 2.1 (Low) reflects limited availability impact and low-privilege authentication requirement. Vendor-released patch: version 2.2.0 (GitHub PR #666).

Technical ContextAI

The OMEC Project AMF (Access and Mobility Management Function) implements the 5G core network control plane handling UE registration and mobility. The vulnerability resides in ngap/handler.go's RANConfiguration function, which processes NGAP (NG Application Protocol) messages exchanged between the AMF and radio access network (RAN). CWE-476 (NULL Pointer Dereference) occurs when the code fails to validate input before dereferencing pointers, typically when parsing malformed SUCI (Subscription Concealed Identifier) data or NGAP PDU structures. The patch (PR #666) adds defensive null checks across multiple handlers (gmm/handler.go, ngap/dispatcher.go, nas/nas_security/security.go) and validates MobileIdentity5GS contents before processing. The CPE cpe:2.3:a:omec-project:amf identifies all versions prior to 2.2.0 as vulnerable. This affects deployments using OMEC as a 5G core solution, particularly in private 5G or edge computing scenarios.

RemediationAI

Upgrade OMEC Project AMF to version 2.2.0 or later, which includes comprehensive null-pointer checks introduced in GitHub pull request #666 (https://github.com/omec-project/amf/pull/666). The patch adds defensive validation across RANConfiguration (ngap/handler.go), HandleIdentityResponse (gmm/handler.go with new test coverage), DispatchLb and DispatchNgapMsg (ngap/dispatcher.go), and FetchUeContextWithMobileIdentity (nas/nas_security/security.go). Release artifact available at https://github.com/omec-project/amf/releases/tag/v2.2.0. If immediate upgrade is not feasible, implement strict input validation at NGAP ingress points: enforce SCTP association authentication via IPsec ESP or DTLS on N2 interface, restrict NGAP message acceptance to cryptographically verified gNodeB sources, and deploy rate limiting on registration requests to mitigate DoS impact. Note that workarounds reduce but do not eliminate risk - null pointer triggering depends on specific malformed SUCI or PDU structures that may bypass shallow validation. Monitor AMF process health and configure automatic restart on segmentation faults as a containment measure, though this introduces brief service interruption during recovery. Full remediation requires the vendor patch.

More in Amf

View all
CVE-2025-69248 HIGH POC
7.5 Feb 23

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of fr

CVE-2026-14623 LOW POC
2.1 Jul 04

Denial of service in omec-project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows a low-privil

CVE-2026-14624 LOW POC
2.1 Jul 04

Denial of service in omec-project's 5G Access and Mobility Management Function (AMF) versions up to 2.0.2 and 2.1.1 allo

CVE-2026-8783 LOW POC
2.1 May 18

Null pointer dereference in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.3-dev allows a

CVE-2026-8782 LOW POC
2.1 May 18

Remote denial of service in omec-project AMF versions up to 2.1.3-dev allows authenticated attackers to crash the Access

CVE-2026-9301 LOW POC
2.1 May 23

Memory corruption in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows authenticate

CVE-2026-9300 LOW POC
2.1 May 23

Memory corruption in the omec-project AMF (Access and Mobility Management Function) NGSetupRequest Handler allows networ

CVE-2026-9299 LOW POC
2.1 May 23

Memory corruption in omec-project AMF versions up to 2.1.1 exposes 5G core network infrastructure to remote exploitation

CVE-2026-9298 LOW POC
2.1 May 23

Memory corruption in omec-project AMF (Access and Mobility Management Function) through version 2.1.1 allows authenticat

CVE-2026-8780 LOW POC
2.1 May 18

Memory corruption in omec-project AMF versions up to 2.1.3-dev allows authenticated remote attackers to trigger low-seve

CVE-2026-8779 LOW POC
2.1 May 18

Memory corruption in OMEC Project's Access and Mobility Management Function (AMF) allows authenticated remote attackers

CVE-2026-8349 LOW POC
2.1 May 11

Memory corruption in OMEC Project AMF up to version 2.1.1 occurs in the NGAP Message Handler when processing malformed m

Share

CVE-2026-8781 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy