CVE-2026-30078

Published: Apr 6, 2026Modified: Apr 10, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome.

Affected (1)

Products: Openairinterface: Oai Cn5g Amf

Openairinterface

1 product

Oai Cn5g Amf

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openairinterface Oai Cn5g Amf	Version 2.2.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/74

Source: cve@mitre.org

ExploitIssue Tracking

https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/merge_requests/414

Source: cve@mitre.org

Issue Tracking

Timeline

No history available yet.