Description
OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome.
Published: 2026-04-06
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Immediately
AI Analysis

Impact

The defect allows an attacker to cause a crash in the OpenAirInterface 2.2.0 AMF by sending an NGAP message that contains an invalid procedure code or mismatched PDU type. When the AMF processes such a message it terminates unexpectedly, resulting in a denial‑of‑service condition that can disrupt the availability of the 5G core network for all users connected to that AMF. The weakness arises from improper input validation, identified as CWE‑20, and could potentially be exploited by any entity able to inject malformed NGAP traffic into the AMF.

Affected Systems

OpenAirInterface CN5G AMF version 2.2.0 is affected. No other versions are explicitly listed in the advisory, so operators running that release should treat the component as vulnerable.

Risk and Exploitability

The CVSS score of 7.5 indicates a substantial risk to availability, while the EPSS score is below 1 %, suggesting that automated exploitation is unlikely at present, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector involves a network-based injection of malformed NGAP messages into the AMF. If an attacker has network access to the AMF, the flaw can be exploited in a real‑world setting, leading to repeated crashes and service disruption.

Generated by OpenCVE AI on April 10, 2026 at 19:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s update that addresses NGAP message validation in OpenAirInterface AMF 2.2.0 or later.
  • If upgrading is not feasible immediately, limit external access to the AMF and consider blocking abnormal NGAP traffic with firewall rules.
  • Enable detailed logging for AMF control plane activities and observe for repeated crashes or malformed messages.

Generated by OpenCVE AI on April 10, 2026 at 19:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Denial of Service in OpenAirInterface AMF via Malformed NGAP Messages

Fri, 10 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:openairinterface:oai-cn5g-amf:2.2.0:*:*:*:*:*:*:*

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title Denial of Service in OpenAirInterface AMF via Malformed NGAP Messages
First Time appeared Openairinterface
Openairinterface oai-cn5g-amf
Vendors & Products Openairinterface
Openairinterface oai-cn5g-amf

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 06 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome.
References

Subscriptions

Openairinterface Oai-cn5g-amf
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T14:09:30.380Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30078

cve-icon Vulnrichment

Updated: 2026-04-06T14:07:44.973Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-06T14:16:22.807

Modified: 2026-04-10T18:26:05.150

Link: CVE-2026-30078

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T14:27:57Z

Weaknesses