CVE-2026-8783
Null Pointer Dereference in OMEC Project AMF
Publication date: 2026-05-18
Last updated on: 2026-05-18
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| omec-project | amf | to 2.1.3-dev (inc) |
| omec-project | amf | 2.2.0 |
| omec-project | amf | 2.2.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not explicitly mention any impact of CVE-2026-8783 on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-8783 is a security vulnerability in the omec-project AMF (Access and Mobility Management Function) component of the 5G core network, specifically affecting versions up to 2.1.3-dev.
The vulnerability occurs in the function UERadioCapabilityCheckResponse within the ngap/dispatcher.go file, where a malformed UERadioCapabilityCheckResponse message causes a nil pointer dereference.
When the AMF receives a specially crafted NGAP message with invalid data, it triggers a runtime panic (segmentation fault), causing the AMF to crash.
This issue can be exploited remotely by sending malformed NGAP messages to the AMF.
The vulnerability was fixed in version 2.2.0 (specifically rel-2.2.1) by adding validation and safer parsing mechanisms to prevent such crashes.
How can this vulnerability impact me? :
Exploitation of this vulnerability can cause the AMF component of the 5G core network to crash due to a nil pointer dereference triggered by malformed NGAP messages.
Such crashes can lead to denial-of-service (DoS) conditions, disrupting critical 5G network functions like mobility management, registration, and connection management.
This disruption can impact network availability and reliability, potentially affecting end-users' connectivity and services dependent on the 5G core network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability CVE-2026-8783 is triggered by a malformed UERadioCapabilityCheckResponse NGAP message causing a nil pointer dereference and crash in the AMF component.
Detection can focus on monitoring for crashes or segmentation faults in the AMF service, especially those related to NGAP message decoding errors.
You can check AMF logs for runtime panics or segmentation faults triggered by malformed NGAP messages.
Network detection could involve capturing and analyzing NGAP traffic for malformed UERadioCapabilityCheckResponse messages.
- Use system commands like `journalctl -u amf.service` or `docker logs <amf_container>` to review AMF logs for crash reports.
- Use packet capture tools such as `tcpdump` or `wireshark` to filter NGAP messages and inspect for malformed UERadioCapabilityCheckResponse messages.
- Example tcpdump command: `tcpdump -i <interface> -w ngap_capture.pcap 'udp port 38412'` (assuming NGAP runs over UDP port 38412), then analyze the capture for malformed messages.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the omec-project AMF component to version 2.2.0 or later, as this version includes fixes for CVE-2026-8783.
Until the upgrade can be applied, monitor the AMF service for crashes and consider restricting or filtering NGAP traffic from untrusted sources to reduce exposure.
Implement network-level protections such as firewall rules or NGAP message validation proxies to block malformed NGAP messages.
Review and apply any additional patches or updates related to the AMF component that address malformed input handling and panic safety.