CVE-2026-8782

omec-project amf NGAP Message handler.go null pointer dereference

CVSS 5.3 MEDIUMEPSS 0.3%CWE-404 CWE-476

Vexday Risk Score

33Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 5.3EPSS 0.3%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado

Ciclo de vida

18 may 2026Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.2.0 mitigates this issue. It is recommended to upgrade the affected component. The same pull request fixes multiple security issues.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

omec-project · amf

PoCs públicas encontradas — 1

cve_referencegithub.com/omec-project/amf/issues/674no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/omec-project/amf/https://github.com/omec-project/amf/issues/674 https://github.com/omec-project/amf/pull/666 https://github.com/omec-project/amf/releases/tag/v2.2.0 https://vuldb.com/submit/811654 https://vuldb.com/vuln/364406 https://vuldb.com/vuln/364406/cti