Description
A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.2.0 will fix this issue. Upgrading the affected component is advised. The same pull request fixes multiple security issues.
Published: 2026-05-18
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a null pointer dereference in the UERadioCapabilityCheckResponse function of omec-project amf. Triggering this flaw can cause the application to crash, potentially leading to a denial of service in affected systems. The issue is a classic pointer misuse error (CWE-476) and an inadequate resource cleanup (CWE-404). The impact is limited to service availability rather than confidentiality or integrity.

Affected Systems

Products affected include omec-project amf versions up to 2.1.3-dev. All releases prior to 2.2.0 are vulnerable. The vulnerability involves the amf component's handling of UERadioCapabilityCheckResponse messages.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity for remote exploitation. No EPSS score is available and the vulnerability is not listed in CISA KEV. The exploit can be performed remotely by sending specially crafted UERadioCapabilityCheckResponse messages, which the server will attempt to process and crash.

Generated by OpenCVE AI on May 18, 2026 at 04:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the omec-project amf component to version 2.2.0 or later to apply the patch that fixes the null pointer dereference.
  • If an immediate upgrade is not possible, isolate the affected service from the network to prevent remote access that can trigger the fault.
  • Continuously monitor system logs for segmentation faults or crashes in the amf process to detect exploitation attempts early.

Generated by OpenCVE AI on May 18, 2026 at 04:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.2.0 will fix this issue. Upgrading the affected component is advised. The same pull request fixes multiple security issues.
Title omec-project amf dispatcher.go UERadioCapabilityCheckResponse null pointer dereference
First Time appeared Omec-project
Omec-project amf
Weaknesses CWE-404
CWE-476
CPEs cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*
Vendors & Products Omec-project
Omec-project amf
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Omec-project Amf
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-18T02:15:11.485Z

Reserved: 2026-05-17T09:56:04.123Z

Link: CVE-2026-8783

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-18T04:16:33.723

Modified: 2026-05-18T04:16:33.723

Link: CVE-2026-8783

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T05:00:13Z

Weaknesses