CVE-2026-30078
Received Received - Intake
Crash Vulnerability in OpenAirInterface AMF via Invalid NGAP Messages

Publication date: 2026-04-06

Last updated on: 2026-04-10

Assigner: MITRE

Description
OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-06
Last Modified
2026-04-10
Generated
2026-06-16
AI Q&A
2026-04-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-30078
EUVD
EUVD-2026-19237
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openairinterface oai-cn5g-amf 2.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-30078 is a vulnerability in OpenAirInterface AMF version 2.2.0 where the system crashes upon receiving an NGAP message with an invalid procedure code or an invalid PDU type.

Specifically, the crash happens when the AMF expects an InitiatingMessage but instead receives a successfulOutcome message with an invalid procedure code. This improper message handling leads to incorrect memory deallocation, where stack-allocated memory is freed as if it were heap-allocated, causing a crash.

The root cause is improper validation and memory management in the NGAP message handling code, resulting in a denial-of-service condition.

Impact Analysis

This vulnerability can cause the OpenAirInterface AMF to crash when it processes malformed NGAP messages with invalid procedure codes or PDU types.

Such crashes lead to a denial-of-service (DoS) condition, potentially disrupting network functions that rely on the AMF component.

If exploited, attackers could send crafted NGAP messages to trigger these crashes, impacting the availability and reliability of the affected system.

Detection Guidance

This vulnerability can be detected by monitoring the OpenAirInterface AMF version 2.2.0 for crashes triggered by receiving NGAP messages with invalid procedure codes or invalid PDU types.

One way to detect the issue is to send crafted NGAP messages containing invalid procedure codes (e.g., code 59) or invalid PDU types (such as sending a successfulOutcome message when an InitiatingMessage is expected) to the AMF and observe if it crashes.

For example, you can run the AMF on Ubuntu 22.04 within a Docker environment and use a tool or script to send a hex stream representing the malformed NGAP message to the AMF.

While specific commands are not provided, the detection involves sending crafted NGAP messages and monitoring the AMF logs or crash reports, especially looking for invalid free operations or crashes in the ngap_app::handle_receive function.

Mitigation Strategies

Immediate mitigation steps include ensuring that the OpenAirInterface AMF properly validates NGAP messages before processing them.

Specifically, the AMF should reject NGAP messages with invalid procedure codes or invalid PDU types to prevent crashes caused by improper memory deallocation.

Until a patch or update is available, consider implementing network-level filtering to block malformed NGAP messages or restrict access to the AMF to trusted sources only.

Monitoring the AMF for crashes and restarting the service as needed can also help maintain availability.

Compliance Impact

The provided information does not specify any direct impact of CVE-2026-30078 on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30078. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart