Description
A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.2.0 mitigates this issue. It is recommended to upgrade the affected component. The same pull request fixes multiple security issues.
Published: 2026-05-18
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A null pointer dereference occurs in the NGAP Message Handler component of omec-project amf when processing certain NGAP messages. The flaw leads to a crash of the message handling routine, allowing remote attackers to disrupt service over the network. While the code does not directly expose arbitrary code execution, the resultant denial of service can be leveraged by attackers to interrupt critical network functions in 5G environments.

Affected Systems

The vulnerability affects all releases of omec-project amf up to and including 2.1.3‑dev. Users of those versions are at risk; upgrading to version 2.2.0 removes the flaw.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity; no EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The flaw is exploitable remotely via crafted NGAP messages, and the public exploit has already been released, suggesting a realistic attack potential. Given the moderate CVSS and the available public exploit, the risk is sufficient to warrant prompt remediation.

Generated by OpenCVE AI on May 18, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade omec-project amf to version 2.2.0 or later.
  • If an upgrade is not immediately possible, isolate the affected AMF from external NGAP traffic by implementing firewall rules or access controls to block untrusted NGAP connections.
  • Implement logging and monitoring for unexpected crashes or null dereference exceptions to detect exploitation attempts early.

Generated by OpenCVE AI on May 18, 2026 at 03:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 02:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.2.0 mitigates this issue. It is recommended to upgrade the affected component. The same pull request fixes multiple security issues.
Title omec-project amf NGAP Message handler.go null pointer dereference
First Time appeared Omec-project
Omec-project amf
Weaknesses CWE-404
CWE-476
CPEs cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*
Vendors & Products Omec-project
Omec-project amf
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Omec-project Amf
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-18T02:00:17.310Z

Reserved: 2026-05-17T09:56:01.676Z

Link: CVE-2026-8782

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-18T02:16:37.753

Modified: 2026-05-18T02:16:37.753

Link: CVE-2026-8782

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T04:00:16Z

Weaknesses