Description
A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues.
Published: 2026-05-18
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory corruption flaw exists in the NGAP Message Handler of the omec‑project amf, triggered by an unknown function within ngap/dispatcher.go. Manipulating this function can corrupt program memory, and the vulnerability is classified as CWE‑119. The flaw could allow an attacker to hijack execution flow or cause a crash, potentially enabling remote code execution or denial of service.

Affected Systems

The affected component is omec‑project amf versions up to 2.1.3‑dev. Any deployment of a release earlier than 2.2.0 remains vulnerable. The 2.2.0 release replaces the vulnerable code and resolves the issue.

Risk and Exploitability

With a CVSS score of 5.3 the vulnerability is considered moderate severity. No EPSS score is available and the issue is not listed in CISA's KEV catalog. The CVE description confirms that the attack can be initiated remotely and that a publicly available exploit may exist, meaning that an adversary could send crafted NGAP messages to trigger the memory corruption.

Generated by OpenCVE AI on May 18, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to version 2.2.0 of omec‑project amf to eliminate the memory corruption fault.
  • If upgrading is not immediately possible, restrict access to the NGAP interface by allowing traffic only from trusted IP ranges or by applying firewall rules to block suspicious or untrusted traffic.
  • Continuously monitor logs and security telemetry for unusual NGAP traffic patterns or crash events that may indicate exploitation attempts.

Generated by OpenCVE AI on May 18, 2026 at 03:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 02:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues.
Title omec-project amf NGAP Message dispatcher.go memory corruption
First Time appeared Omec-project
Omec-project amf
Weaknesses CWE-119
CPEs cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*
Vendors & Products Omec-project
Omec-project amf
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Omec-project Amf
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-18T01:30:14.757Z

Reserved: 2026-05-17T09:55:56.216Z

Link: CVE-2026-8780

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-18T02:16:37.383

Modified: 2026-05-18T02:16:37.383

Link: CVE-2026-8780

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T04:00:16Z

Weaknesses