CVE-2026-8779
Received Received - Intake
Memory Corruption in omec-project amf via NGSetupRequest

Publication date: 2026-05-18

Last updated on: 2026-05-18

Assigner: VulDB

Description
A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.2.0 is recommended to address this issue. The affected component should be upgraded. The same pull request fixes multiple security issues.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-18
Last Modified
2026-05-18
Generated
2026-06-10
AI Q&A
2026-05-18
EPSS Evaluated
2026-06-08
NVD
CVE-2026-8779
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
omec-project amf to 2.1.3-dev (inc)
omec-project amf 2.2.0
omec-project amf 2.2.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-8779 is a vulnerability in the Access and Mobility Management Function (AMF) component of the omec-project, specifically affecting the NGSetupRequest function in the ngap/handler.go file. When the argument InformationElement is manipulated, it can cause memory corruption leading to a crash due to invalid memory access or a nil pointer dereference. This vulnerability can be exploited remotely by sending a malformed NGSetupRequest message with no valid information elements, causing the AMF to panic and crash.

The issue was reported in version 2.0.2 and fixed in version 2.2.1. The vulnerability results from improper handling of malformed NGAP messages, leading to segmentation faults during message processing.

Impact Analysis

Exploitation of this vulnerability can cause the AMF component to crash due to memory corruption, resulting in a denial of service (DoS) condition in the 5G core network. Since the AMF is a critical control plane function responsible for managing mobility, registration, and security contexts, its failure can disrupt network operations, impacting connectivity and service availability for users.

The attack can be launched remotely without user interaction, making it easier for attackers to cause service interruptions.

Detection Guidance

The CVE-2026-8779 vulnerability causes the Access and Mobility Management Function (AMF) to crash when it receives a malformed NGSetupRequest message with no valid information elements, leading to a segmentation fault (SIGSEGV). Detection can involve monitoring the AMF logs for panic messages indicating a nil pointer dereference in the HandleNGSetupRequest function within the NGAP handler module.

To detect exploitation attempts or the vulnerability on your system, you can monitor the AMF process for crashes or segmentation faults and inspect logs for error messages related to NGSetupRequest handling.

Specific commands might include:

  • Checking system logs for AMF crashes: `journalctl -u amf.service -f` or `docker logs <amf_container>` if running in Docker.
  • Using network packet capture tools like tcpdump or Wireshark to filter and analyze NGAP messages, specifically looking for malformed NGSetupRequest messages.
  • Example tcpdump command to capture NGAP traffic (assuming NGAP uses SCTP port 38412): `tcpdump -i <interface> port 38412 -w ngap_capture.pcap`
  • Analyzing captured packets with Wireshark to identify malformed NGSetupRequest messages.
Mitigation Strategies

The recommended immediate mitigation step is to upgrade the omec-project AMF component to version 2.2.1 or later, as this version contains the fix for the CVE-2026-8779 vulnerability.

If upgrading immediately is not possible, consider implementing network-level protections such as filtering or blocking malformed NGSetupRequest messages to prevent exploitation.

Additionally, monitor the AMF logs for crashes or panic messages to detect potential exploitation attempts and respond accordingly.

Compliance Impact

The provided information does not specify any direct impact of CVE-2026-8779 on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8779. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart