Description
A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used. It is recommended to apply a patch to fix this issue.
Published: 2026-05-23
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow in the NGReset Message Handler of omec‑project amf. By manipulating the NGReset message, an attacker can trigger a write beyond the allocated bounds, corrupting adjacent memory. This memory corruption could potentially result in remote code execution or other unexpected behavior, depending on how the corrupted memory is used. The flaw is identified as CWE‑119 – Incorrect Restriction of Operations Within the Bounds of a Buffer.

Affected Systems

The defect affects omec‑project amf releases up to and including version 2.1.1. Any system running an affected release should verify its version and update accordingly.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity, and the EPSS score is currently unavailable. The vulnerability is not listed in CISA KEV. The description states that the attack can be carried out remotely and that a public exploit is available, implying that the most likely attack vector is the NGReset interface exposed over the network.

Generated by OpenCVE AI on May 23, 2026 at 14:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade omec-project amf to a version newer than 2.1.1 that contains the NGReset Message Handler fix.
  • If an immediate upgrade is not possible, isolate or restrict external access to the NGReset interface so that only trusted hosts can reach it.
  • Continuously monitor system logs for abnormal memory errors or messages related to NGReset handling to detect potential exploitation attempts.

Generated by OpenCVE AI on May 23, 2026 at 14:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 23 May 2026 13:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used. It is recommended to apply a patch to fix this issue.
Title omec-project amf NGReset Message memory corruption
First Time appeared Omec-project
Omec-project amf
Weaknesses CWE-119
CPEs cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*
Vendors & Products Omec-project
Omec-project amf
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Omec-project Amf
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-23T13:00:15.365Z

Reserved: 2026-05-22T17:45:04.449Z

Link: CVE-2026-9301

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-23T15:15:20Z

Weaknesses