CVE-2026-8782
Received Received - Intake
Null Pointer Dereference in omec-project amf

Publication date: 2026-05-18

Last updated on: 2026-05-18

Assigner: VulDB

Description
A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.2.0 mitigates this issue. It is recommended to upgrade the affected component. The same pull request fixes multiple security issues.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-18
Last Modified
2026-05-18
Generated
2026-06-10
AI Q&A
2026-05-19
EPSS Evaluated
2026-06-08
NVD
CVE-2026-8782
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
omec-project amf to 2.1.3-dev (inc)
omec-project amf 2.2.0
omec-project amf 2.2.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is a weakness in the omec-project AMF (Access and Mobility Management Function) component, specifically in the NGAP Message Handler's file ngap/handler.go. It is caused by a null pointer dereference triggered by processing a malformed NGAP message, such as a LocationReportFailureIndication. This leads to a crash (segmentation fault) in the AMF, which is a critical part of the 5G core network.

The issue allows remote attackers to cause the AMF to crash by sending specially crafted malformed messages, resulting in denial of service. The vulnerability affects versions up to 2.1.3-dev and has been fixed in version 2.2.0 and later.

Impact Analysis

Exploitation of this vulnerability can cause the AMF component of the 5G core network to crash due to a null pointer dereference. This results in a denial-of-service condition, potentially disrupting mobility management and other critical network functions handled by the AMF.

Since the AMF is responsible for key control plane functions such as registration management, connection management, and security context management, its unavailability can impact network reliability and service continuity for users.

Detection Guidance

This vulnerability causes a null pointer dereference crash in the AMF component when processing malformed NGAP messages, specifically a LocationReportFailureIndication message. Detection can involve monitoring for crashes or runtime panics in the AMF logs indicating invalid memory access or segmentation faults.

You can check AMF logs for error messages related to runtime panics or segmentation faults in the NGAP handler, especially in the function HandleLocationReportingFailureIndication.

While no specific commands are provided in the resources, general commands to detect such issues could include:

  • Using system logs: `journalctl -u amf.service` or checking container logs if AMF runs in a container.
  • Using network packet capture tools like `tcpdump` or `wireshark` to capture NGAP messages and analyze for malformed LocationReportFailureIndication messages.
  • Monitoring process crashes with commands like `dmesg` or `systemctl status amf`.
Mitigation Strategies

The primary mitigation step is to upgrade the omec-project AMF component to version 2.2.0 or later, as this version includes fixes that harden the AMF against malformed NGAP messages causing crashes.

Upgrading ensures that validation checks, nil/empty checks, and safer parsing mechanisms are in place to prevent the null pointer dereference.

Until the upgrade can be applied, monitoring for suspicious malformed NGAP messages and AMF crashes can help in early detection of exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8782. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart