CVE-2026-8780
Memory Corruption in OMEC Project AMF
Publication date: 2026-05-18
Last updated on: 2026-05-18
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| omec-project | amf | to 2.1.3-dev (inc) |
| omec-project | amf | 2.2.0 |
| omec-project | amf | 2.2.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in the omec-project AMF component can impact the confidentiality, integrity, or availability of the 5G core network if exploited.
Since the AMF is responsible for critical control plane functions including security context management and handles sensitive signaling data, exploitation of this vulnerability could potentially lead to unauthorized access or denial-of-service conditions.
Such impacts on confidentiality and availability may affect compliance with standards and regulations like GDPR or HIPAA that require protection of sensitive data and system availability.
Can you explain this vulnerability to me?
CVE-2026-8780 is a vulnerability in the Access and Mobility Management Function (AMF) component of the omec-project, specifically in the NGAP Message Handler within the file ngap/dispatcher.go. The issue arises when the AMF processes an NGAP message, such as NGSetupRequest, containing malformed input like a non-printable string in the RANNodeName field. This malformed input causes a panic error due to invalid UTF-8 string handling, leading to a crash of the AMF component.
The vulnerability results in memory corruption and can be triggered remotely by sending crafted NGAP messages. The exploit is publicly available, making it easier for attackers to cause denial-of-service conditions by crashing the AMF.
Upgrading the AMF component to version 2.2.0 or later fixes this issue by adding validation checks and safer parsing mechanisms to handle malformed NGAP inputs properly.
How can this vulnerability impact me? :
This vulnerability can impact you by causing the AMF component of your 5G core network to crash when it receives malformed NGAP messages. This leads to a denial-of-service (DoS) condition, disrupting the availability of critical network functions such as registration management, connection management, and mobility management.
Since the AMF is a central control plane function in the 5G network, its unavailability can affect the overall network stability and service continuity, potentially impacting end users and network operators.
The vulnerability can be exploited remotely, and since the exploit is publicly available, the risk of attack is higher if the system is not updated.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or panic errors in the AMF component when processing NGAP messages, specifically NGSetupRequest messages containing malformed or non-printable strings in the RANNodeName field.
A practical detection method involves sending a crafted NGAP packet with a non-printable string in the RANNodeName information element to the AMF and observing if it crashes or logs panic errors related to invalid UTF-8 label values.
Additionally, monitoring logs for panic errors or crashes during NGAP message handling can help identify exploitation attempts.
While specific commands are not provided in the resources, a network administrator could use packet crafting tools (e.g., scapy or similar) to send NGAP messages with malformed RANNodeName fields to test the system's response.
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to upgrade the omec-project AMF component to version 2.2.0 or later, as this version includes fixes that address this vulnerability.
Upgrading ensures that the AMF has improved validation checks and safer parsing mechanisms to prevent crashes caused by malformed NGAP messages.
Until the upgrade is applied, monitoring for unusual crashes or panic errors and restricting access to the AMF component from untrusted sources may help reduce the risk of exploitation.