CVE-2026-30078: n/a
OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome.
AI Analysis
Technical Summary
The vulnerability in OpenAirInterface V2.2.0 AMF occurs due to improper handling of NGAP messages with invalid procedure codes or PDU-types. Specifically, if the message specification requires an InitiatingMessage but a successfulOutcome is sent instead, the AMF crashes. This indicates a lack of robust input validation for NGAP message types in the affected version.
Potential Impact
Successful exploitation results in the AMF process crashing, leading to a denial of service condition. There is no indication of code execution or data leakage. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid sending malformed NGAP messages to the AMF or implement input validation and filtering at network boundaries to prevent invalid NGAP messages from reaching the AMF.
CVE-2026-30078: n/a
Description
OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in OpenAirInterface V2.2.0 AMF occurs due to improper handling of NGAP messages with invalid procedure codes or PDU-types. Specifically, if the message specification requires an InitiatingMessage but a successfulOutcome is sent instead, the AMF crashes. This indicates a lack of robust input validation for NGAP message types in the affected version.
Potential Impact
Successful exploitation results in the AMF process crashing, leading to a denial of service condition. There is no indication of code execution or data leakage. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid sending malformed NGAP messages to the AMF or implement input validation and filtering at network boundaries to prevent invalid NGAP messages from reaching the AMF.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-04T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d3bc7e0a160ebd92bb5f40
Added to database: 4/6/2026, 2:00:30 PM
Last enriched: 4/6/2026, 2:15:31 PM
Last updated: 4/8/2026, 9:00:14 AM
Views: 16
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.