CVE-2026-8781: NULL Pointer Dereference in omec-project amf
A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 2.2.0 is sufficient to resolve this issue. Upgrading the affected component is recommended. The same pull request fixes multiple security issues.
AI Analysis
Technical Summary
The vulnerability CVE-2026-8781 affects the omec-project amf software versions up to 2.1.3-dev. It is caused by a null pointer dereference in the RANConfiguration function of the ngap/handler.go file. This flaw can be exploited remotely without authentication or user interaction, potentially causing a denial of service or application crash. Public exploit code is available, increasing the risk of exploitation. The issue is fixed by upgrading to version 2.2.0, which includes a pull request that also addresses other security issues.
Potential Impact
Successful exploitation of this vulnerability can cause the affected application to crash or behave unexpectedly due to null pointer dereference. This may lead to denial of service conditions. There is no indication of privilege escalation, data disclosure, or code execution from the provided data. The vulnerability can be triggered remotely without authentication, increasing its risk profile. Public exploit availability raises the likelihood of attacks against unpatched systems.
Mitigation Recommendations
Upgrading the omec-project amf component to version 2.2.0 fully resolves this vulnerability along with other security issues. Applying this official fix is the recommended remediation. Since this is not a cloud service, users must manually upgrade their deployments. Patch status is confirmed by the vendor's release notes indicating version 2.2.0 as the fix. No alternative mitigations or temporary workarounds are indicated.
CVE-2026-8781: NULL Pointer Dereference in omec-project amf
Description
A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 2.2.0 is sufficient to resolve this issue. Upgrading the affected component is recommended. The same pull request fixes multiple security issues.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-8781 affects the omec-project amf software versions up to 2.1.3-dev. It is caused by a null pointer dereference in the RANConfiguration function of the ngap/handler.go file. This flaw can be exploited remotely without authentication or user interaction, potentially causing a denial of service or application crash. Public exploit code is available, increasing the risk of exploitation. The issue is fixed by upgrading to version 2.2.0, which includes a pull request that also addresses other security issues.
Potential Impact
Successful exploitation of this vulnerability can cause the affected application to crash or behave unexpectedly due to null pointer dereference. This may lead to denial of service conditions. There is no indication of privilege escalation, data disclosure, or code execution from the provided data. The vulnerability can be triggered remotely without authentication, increasing its risk profile. Public exploit availability raises the likelihood of attacks against unpatched systems.
Mitigation Recommendations
Upgrading the omec-project amf component to version 2.2.0 fully resolves this vulnerability along with other security issues. Applying this official fix is the recommended remediation. Since this is not a cloud service, users must manually upgrade their deployments. Patch status is confirmed by the vendor's release notes indicating version 2.2.0 as the fix. No alternative mitigations or temporary workarounds are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-17T09:55:58.968Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0ad6abec166c07b096f50f
Added to database: 5/18/2026, 9:06:51 AM
Last enriched: 5/18/2026, 9:07:06 AM
Last updated: 5/20/2026, 1:35:07 PM
Views: 18
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.