Description
OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with an invalid procedure code or an invalid PDU-type, for example when the message specification requires InitiatingMessage but the message is sent as successfulOutcome.
Published: 2026-04-06
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: Denial of Service due to crash
Action: Assess Impact
AI Analysis

Impact

Improper handling of NGAP messages in the OpenAirInterface AMF component causes the process to crash when a message with an unexpected procedure code or PDU type is received, for example a message that the specification requires to be an InitiatingMessage but that arrives as a SuccessfulOutcome. The resulting crash disables the AMF for all connected nodes, producing a denial-of-service outcome.

Affected Systems

The AMF portion of OpenAirInterface version 2.2.0 is affected. No vendor name is listed in the CVE record; the project is hosted on a GitLab instance, so the specific vendor is unknown. Users running this version and exposing the AMF to external NGAP traffic fall within the impact zone.

Risk and Exploitability

The CVSS base score of 7.5 signals high severity, and the vulnerability is not catalogued in CISA's KEV list. No EPSS score is provided. The likely attack vector is an unauthenticated network adversary transmitting a malformed NGAP packet. The flaw can be triggered without special privileges, making it reasonably likely to be exploited in a hostile environment.

Generated by OpenCVE AI on April 6, 2026 at 17:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch available in merge request 414 or any updated release of OpenAirInterface V2.2.0 that contains the fix.
  • If a newer version is not yet released, extract and apply the corrective change from the project repository locally.
  • Configure firewall or network segmentation rules to restrict inbound NGAP traffic to trusted core network elements only.
  • Enable monitoring of the AMF process and set alerts for unexpected crashes or restarts.
  • If the maintainers provide a temporary workaround, implement it until the official patch is deployed.

Generated by OpenCVE AI on April 6, 2026 at 17:54 UTC.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
Title | | Denial of Service in OpenAirInterface AMF via Malformed NGAP Messages
First Time appeared | | Openairinterface; Openairinterface oai-cn5g-amf
Vendors & Products | | Openairinterface; Openairinterface oai-cn5g-amf

Mon, 06 Apr 2026 15:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-20
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Description | | OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with an invalid procedure code or an invalid PDU-type, for example when the message specification requires InitiatingMessage but the message is sent as successfulOutcome.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T14:09:30.380Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30078

Vulnrichment

Updated: 2026-04-06T14:07:44.973Z

NVD

Status: Received

Published: 2026-04-06T14:16:22.807

Modified: 2026-04-06T15:17:07.777

Link: CVE-2026-30078

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:48:01Z

Weaknesses