Skip to main content

omec-project AMF CVE-2026-8782

| EUVDEUVD-2026-30725 LOW
NULL Pointer Dereference (CWE-476)
2026-05-18 VulDB GHSA-6h8r-h22r-jj64
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Source Code Evidence Fetched
May 18, 2026 - 02:29 vuln.today
Analysis Generated
May 18, 2026 - 02:29 vuln.today
Severity Changed
May 18, 2026 - 02:22 NVD
MEDIUM LOW
CVSS changed
May 18, 2026 - 02:22 NVD
4.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.2.0 mitigates this issue. It is recommended to upgrade the affected component. The same pull request fixes multiple security issues.

AnalysisAI

Remote denial of service in omec-project AMF versions up to 2.1.3-dev allows authenticated attackers to crash the Access and Mobility Management Function via crafted NGAP messages that trigger null pointer dereference in ngap/handler.go. Public exploit code exists (GitHub issue #674). Affects OMEC 5G core network deployments. Patched in version 2.2.0 via PR #666, which addresses multiple security issues including malformed SUCI handling and missing null checks across NGAP message parsing.

Technical ContextAI

The OMEC (Open Mobile Evolved Core) AMF is a 5G core network function implementing the Access and Mobility Management Function per 3GPP specifications. It handles registration, authentication, and mobility for 5G user equipment via the NGAP (Next Generation Application Protocol) interface with gNodeBs. This vulnerability (CWE-476) stems from missing null pointer validation in ngap/handler.go and related message processing paths. The source code diff reveals systemic insufficient error handling when parsing NGAP PDUs, SCTP load balancer messages, and NAS mobile identity fields (SUCI - Subscription Concealed Identifier). Specifically, the code failed to validate that mobileIdentity5GSContents, NGAP PDU objects, RAN context pointers, and SCTP connection objects were non-null before dereferencing, leading to null pointer exceptions when malformed or unexpected protocol messages arrived. The fix introduced defensive null checks at dispatcher and handler entry points plus improved PLMN ID decoding with explicit error returns.

RemediationAI

Upgrade to omec-project AMF version 2.2.0 or later, confirmed patched per vendor release notes at https://github.com/omec-project/amf/releases/tag/v2.2.0. The fix is delivered via PR #666 (https://github.com/omec-project/amf/pull/666), which addresses multiple null pointer vulnerabilities including the NGAP handler issue plus related input validation flaws in SUCI decoding and metrics telemetry. For environments unable to immediately upgrade, implement strict NGAP peer authentication and network segmentation to limit exposure to trusted gNodeB infrastructure only - restrict SCTP connectivity (typically port 38412) to known base station IP addresses via firewall rules. Monitor AMF logs for repeated restarts or null pointer exceptions in ngap/handler.go as indicators of exploitation attempts. Note that workarounds provide only partial mitigation since the vulnerability is in core protocol handling; the firewall restrictions reduce attack surface but do not eliminate risk from compromised or rogue base stations within the trust boundary. Plan upgrade during maintenance window as AMF restart will briefly disrupt 5G registrations.

More in Amf

View all
CVE-2025-69248 HIGH POC
7.5 Feb 23

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of fr

CVE-2026-14623 LOW POC
2.1 Jul 04

Denial of service in omec-project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows a low-privil

CVE-2026-14624 LOW POC
2.1 Jul 04

Denial of service in omec-project's 5G Access and Mobility Management Function (AMF) versions up to 2.0.2 and 2.1.1 allo

CVE-2026-8783 LOW POC
2.1 May 18

Null pointer dereference in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.3-dev allows a

CVE-2026-8781 LOW POC
2.1 May 18

Null pointer dereference in OMEC Project AMF versions up to 2.1.3-dev allows remote authenticated attackers to trigger d

CVE-2026-9301 LOW POC
2.1 May 23

Memory corruption in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows authenticate

CVE-2026-9300 LOW POC
2.1 May 23

Memory corruption in the omec-project AMF (Access and Mobility Management Function) NGSetupRequest Handler allows networ

CVE-2026-9299 LOW POC
2.1 May 23

Memory corruption in omec-project AMF versions up to 2.1.1 exposes 5G core network infrastructure to remote exploitation

CVE-2026-9298 LOW POC
2.1 May 23

Memory corruption in omec-project AMF (Access and Mobility Management Function) through version 2.1.1 allows authenticat

CVE-2026-8780 LOW POC
2.1 May 18

Memory corruption in omec-project AMF versions up to 2.1.3-dev allows authenticated remote attackers to trigger low-seve

CVE-2026-8779 LOW POC
2.1 May 18

Memory corruption in OMEC Project's Access and Mobility Management Function (AMF) allows authenticated remote attackers

CVE-2026-8349 LOW POC
2.1 May 11

Memory corruption in OMEC Project AMF up to version 2.1.1 occurs in the NGAP Message Handler when processing malformed m

Share

CVE-2026-8782 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy