Description
A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue.
Published: 2026-05-23
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory corruption vulnerability (CWE-119) was identified in the PathSwitchRequest Handler of omec-project amf, affecting versions up to 2.1.1. Manipulating the unknown functionality can overwrite memory, potentially disrupting program operation or enabling further compromise. The description notes that the defect can be exploited remotely, and the exploit is publicly available.

Affected Systems

The affected product is omec-project amf, all releases up to and including 2.1.1. No other vendors or product variants are listed as impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity vulnerability. EPSS is not recorded, and the issue is not listed in CISA’s KEV catalog, but the public availability of the exploit and the remote attack vector raise concern. An attacker can remotely trigger the handler via crafted input, causing memory corruption that may influence program execution or lead to denial of service.

Generated by OpenCVE AI on May 23, 2026 at 11:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch for omec-project amf, ensuring the version is 2.1.2 or later.
  • Upgrade all running instances of amf to a supported, patched version to eliminate the vulnerable code path.
  • If upgrade is not immediately possible, block or tightly restrict inbound traffic to the PathSwitchRequest endpoint using firewall rules or network segmentation to mitigate exploitation risk.

Generated by OpenCVE AI on May 23, 2026 at 11:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 23 May 2026 10:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue.
Title omec-project amf PathSwitchRequest memory corruption
First Time appeared Omec-project
Omec-project amf
Weaknesses CWE-119
CPEs cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*
Vendors & Products Omec-project
Omec-project amf
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Omec-project Amf
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-23T10:30:13.713Z

Reserved: 2026-05-22T17:44:56.483Z

Link: CVE-2026-9298

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-23T12:30:17Z

Weaknesses