CVE-2026-30078
Crash Vulnerability in OpenAirInterface AMF via Invalid NGAP Messages
Publication date: 2026-04-06
Last updated on: 2026-04-10
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openairinterface | oai-cn5g-amf | 2.2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30078 is a vulnerability in OpenAirInterface AMF version 2.2.0 where the system crashes upon receiving an NGAP message with an invalid procedure code or an invalid PDU type.
Specifically, the crash happens when the AMF expects an InitiatingMessage but instead receives a successfulOutcome message with an invalid procedure code. This improper message handling leads to incorrect memory deallocation, where stack-allocated memory is freed as if it were heap-allocated, causing a crash.
The root cause is improper validation and memory management in the NGAP message handling code, resulting in a denial-of-service condition.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of CVE-2026-30078 on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
This vulnerability can cause the OpenAirInterface AMF to crash when it processes malformed NGAP messages with invalid procedure codes or PDU types.
Such crashes lead to a denial-of-service (DoS) condition, potentially disrupting network functions that rely on the AMF component.
If exploited, attackers could send crafted NGAP messages to trigger these crashes, impacting the availability and reliability of the affected system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the OpenAirInterface AMF version 2.2.0 for crashes triggered by receiving NGAP messages with invalid procedure codes or invalid PDU types.
One way to detect the issue is to send crafted NGAP messages containing invalid procedure codes (e.g., code 59) or invalid PDU types (such as sending a successfulOutcome message when an InitiatingMessage is expected) to the AMF and observe if it crashes.
For example, you can run the AMF on Ubuntu 22.04 within a Docker environment and use a tool or script to send a hex stream representing the malformed NGAP message to the AMF.
While specific commands are not provided, the detection involves sending crafted NGAP messages and monitoring the AMF logs or crash reports, especially looking for invalid free operations or crashes in the ngap_app::handle_receive function.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include ensuring that the OpenAirInterface AMF properly validates NGAP messages before processing them.
Specifically, the AMF should reject NGAP messages with invalid procedure codes or invalid PDU types to prevent crashes caused by improper memory deallocation.
Until a patch or update is available, consider implementing network-level filtering to block malformed NGAP messages or restrict access to the AMF to trusted sources only.
Monitoring the AMF for crashes and restarting the service as needed can also help maintain availability.