CVE-2026-14624

Denial of Service in omec-project amf

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulDB

Description

A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is 34bc6724acc97dba1f8691e586da95b042cb612d. To fix this issue, it is recommended to deploy a patch.

Meta Information

Published: 2026-07-04
Last Modified: 2026-07-04
Generated: 2026-07-04
AI Q&A: 2026-07-04
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 2 associated CPEs
Vendor | Product | Version / Range
omec-project | amf | to 2.1.1 (exc)
omec-project | amf | 2.2.1

Exploitability

CWE
CWE-404: The product does not release or incorrectly releases a resource before it is made available for re-use.

Executive Summary

CVE-2026-14624 is a vulnerability in the Access and Mobility Management Function (AMF) component of the omec-project, specifically in the NGSetupRequest Handler within the file handler.go. The issue arises when the AMF receives a malformed NGAP message, such as an invalid PDUSessionResourceModifyIndication containing incorrect information elements. This malformed message causes the AMF to crash due to a nil pointer dereference error, leading to a denial of service. The crash happens because the AMF fails to properly handle the malformed message, attempts to access a null pointer when it cannot find the associated User Equipment context, and triggers a segmentation fault in the Go runtime environment.

The vulnerability can be exploited remotely by sending crafted NGAP messages to the AMF, causing it to panic and stop functioning. A patch has been released to fix this issue by adding proper validation and error handling to prevent such crashes.

Compliance Impact

The vulnerability in the omec-project AMF component can lead to denial of service through remote exploitation, potentially impacting the availability of the 5G core network functions.

While the AMF is designed to be compliant with 5G network function standards and supports secure communication mechanisms such as HTTPS with certificate validation, the vulnerability may affect the availability aspect of network services.

However, there is no explicit information in the provided resources about direct impacts on compliance with common data protection or privacy regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can cause a denial of service (DoS) in the 5G core network's AMF component by crashing the AMF process when it receives malformed NGAP messages. This disruption can lead to loss of availability of critical network functions such as registration, connection management, and mobility management for user equipment.

Since the AMF is a key control plane function in the 5G core network, its unavailability can impact network reliability and service continuity, potentially affecting end users' ability to connect or maintain sessions on the network.

Detection Guidance

This vulnerability can be detected by monitoring the AMF logs for panic errors indicating crashes due to nil pointer dereferences, especially after receiving malformed NGAP messages such as PDUSessionResourceModifyIndication with invalid information elements.

Specifically, look for log entries containing messages like "invalid memory address or nil pointer dereference" which indicate the AMF process has crashed.

To detect attempts to exploit this vulnerability on your network, you can capture and analyze NGAP traffic for malformed or unexpected messages targeting the AMF component.

  • Use network packet capture tools (e.g., tcpdump or Wireshark) to filter NGAP protocol messages to the AMF.
  • Example tcpdump command to capture NGAP messages on the relevant interface and port (NGAP is carried over SCTP, so the filter matches SCTP rather than UDP): tcpdump -i <interface> -w ngap_capture.pcap 'sctp port <NGAP_port>'
  • Analyze captured NGAP messages for malformed PDUSessionResourceModifyIndication or NGSetupRequest messages that could trigger the crash.

Additionally, monitoring the AMF process status and setting up alerts for unexpected crashes or restarts can help detect exploitation attempts.
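The log check described above, as an added example (not code from the omec-project or from this report): a Go scanner that finds nil-dereference panics in AMF output and records whether the stack trace passes through ngap/handler.go. The sample log is constructed; its function names, line numbers and addresses are assumptions, and only the panic text and the handler.go path come from this page.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed AMF output: function names, line numbers and addresses are
// made up; only the panic text and the handler.go path come from the page.
const sampleLog = `2026-07-04T10:00:01Z INFO ngap: message received
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x9a3f10]
goroutine 57 [running]:
example/amf/ngap.exampleHandler(0xc000123400)
    /go/src/amf/ngap/handler.go:100 +0x1b0
2026-07-04T10:00:04Z INFO amf: starting
panic: runtime error: index out of range [3] with length 2
`

// Finding is one nil-dereference panic; Frame is the first ngap/handler.go
// frame in its stack trace, or "" when the trace never enters that file.
type Finding struct {
	Line  int
	Frame string
}

// ScanPanics walks the log once and returns every nil-dereference panic.
func ScanPanics(log string) []Finding {
	var out []Finding
	inTrace := false
	sc := bufio.NewScanner(strings.NewReader(log))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		switch {
		case strings.HasPrefix(line, "panic: "):
			inTrace = strings.Contains(line, "invalid memory address or nil pointer dereference")
			if inTrace {
				out = append(out, Finding{Line: n})
			}
		case inTrace && line != "" && line[0] >= '0' && line[0] <= '9':
			inTrace = false // timestamped line: the process restarted
		case inTrace && out[len(out)-1].Frame == "" && strings.Contains(line, "/ngap/handler.go:"):
			out[len(out)-1].Frame = strings.Fields(line)[0]
		}
	}
	return out
}

func main() { fmt.Println(ScanPanics(sampleLog)) }
```

A finding with an empty Frame is still a crash worth alerting on; it only means the trace did not reach the NGAP handler file.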

Mitigation Strategies

The immediate mitigation step is to deploy the patch that fixes this vulnerability. The patch is identified by commit 34bc6724acc97dba1f8691e586da95b042cb612d and is included in the AMF release version 2.2.1.

This patch improves input validation and error handling in the NGAP message processing to prevent crashes caused by malformed messages.
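The failure mode and the kind of validation described above, as an added Go example that is not the omec-project code or its patch: a handler that dereferences a missing UE context, the same handler with the lookup checked, and a dispatcher that contains a handler panic. Every type and function name here is hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the AMF's per-UE state; not the project's types.
type ueContext struct{ sessions map[int64]string }

type ranConn struct{ ues map[int64]*ueContext } // keyed by RAN UE NGAP ID

var errUnknownUE = errors.New("no UE context for RAN UE NGAP ID")

// modifyUnsafe shows the failure mode: a map miss yields a nil *ueContext,
// and reading a field through it panics with a nil pointer dereference.
func modifyUnsafe(r *ranConn, ranUeID, sessionID int64) string {
	ue := r.ues[ranUeID]
	return ue.sessions[sessionID]
}

// modifySafe rejects the message when no UE context matches the ID.
func modifySafe(r *ranConn, ranUeID, sessionID int64) (string, error) {
	ue, ok := r.ues[ranUeID]
	if !ok || ue == nil {
		return "", errUnknownUE
	}
	return ue.sessions[sessionID], nil
}

// dispatch converts a handler panic into an error, so one bad message is
// logged and dropped instead of ending the process.
func dispatch(h func() string) (res string, err error) {
	defer func() {
		if p := recover(); p != nil {
			err = fmt.Errorf("handler panic: %v", p)
		}
	}()
	return h(), nil
}

func main() {
	r := &ranConn{ues: map[int64]*ueContext{}} // no UE registered
	_, err := dispatch(func() string { return modifyUnsafe(r, 7, 1) })
	fmt.Println(err)
	_, err = modifySafe(r, 7, 1)
	fmt.Println(err)
}
```

recover only catches panics raised on the goroutine that deferred it, so a wrapper like dispatch has to sit inside each goroutine that processes messages.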

Until the patch is applied, consider implementing network-level protections such as filtering or blocking malformed NGAP messages from untrusted sources to reduce the risk of exploitation.

Also, monitor AMF logs for crash events and ensure that the AMF service is configured to restart automatically to maintain availability.
