{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30078", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-06T14:09:30.380Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T13:55:12.232Z"}, "descriptions": [{"lang": "en", "value": "OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/74"}, {"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/merge_requests/414"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T14:09:03.200841Z", "id": "CVE-2026-30078", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T14:09:30.380Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30078", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T14:09:03.200841Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T14:07:44.973Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/74"}, {"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/merge_requests/414"}], "descriptions": [{"lang": "en", "value": "OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T13:55:12.232Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30078", "state": "PUBLISHED", "dateUpdated": "2026-04-06T14:09:30.380Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-06T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openairinterface:oai-cn5g-amf:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BB4900E-B5A7-40ED-8DA6-4E372D5036D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome."}], "id": "CVE-2026-30078", "lastModified": "2026-04-10T18:26:05.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-06T14:16:22.807", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/74"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/merge_requests/414"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.2.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "oai-cn5g-amf", "vendor": "openairinterface"}], "analysis": {"en": {"generated_at": "2026-04-06T17:54:23.822054+00:00", "value": {"mitigation_remediation": ["Apply the patch available in merge request 414 or any updated release of OpenAirInterface V2.2.0 that contains the fix.", "If a newer version is not yet released, extract and apply the corrective change from the project repository locally.", "Configure firewall or network segmentation rules to restrict inbound NGAP traffic to trusted core network elements only.", "Enable monitoring of the AMF process and set alerts for unexpected crashes or restarts.", "If the maintainers provide a temporary workaround, implement it until the official patch is deployed."], "summary": {"action": "Assess Impact", "impact": "Denial of Service due to crash"}, "threat_synthesis": {"affected_systems": "The AMF portion of OpenAirInterface version 2.2.0 is affected. No vendor name is listed in the CVE record; the project is hosted on a GitLab instance, so the specific vendor is unknown. Users running this version and exposing the AMF to external NGAP traffic fall within the impact zone.", "description_and_impact": "Improper handling of NGAP messages in the OpenAirInterface AMF component causes the process to crash when a message with an unexpected procedure code or PDU type is received\u2014for example, an InitiatingMessage that arrives as a SuccessfulOutcome. The resulting crash disables the AMF for all connected nodes, producing a denial\u2011of\u2011service outcome.", "risk_and_exploitability": "The CVSS base score of 7.5 signals high severity, and the vulnerability is not catalogued in CISA's KEV list. No EPSS score is provided. The likely attack vector is an unauthenticated network adversary transmitting a malformed NGAP packet. The flaw can be triggered without special privileges, making it reasonably likely to be exploited in a hostile environment."}}}}, "created": "2026-04-06T20:22:10.498160+00:00", "title": "Denial of Service in OpenAirInterface AMF via Malformed NGAP Messages", "updated": "2026-04-06T21:48:01.041588+00:00", "vendors": ["openairinterface", "openairinterface$PRODUCT$oai-cn5g-amf"]}