{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30078", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-06T14:09:30.380Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T13:55:12.232Z"}, "descriptions": [{"lang": "en", "value": "OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/74"}, {"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/merge_requests/414"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T14:09:03.200841Z", "id": "CVE-2026-30078", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T14:09:30.380Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30078", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T14:09:03.200841Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T14:07:44.973Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/74"}, {"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/merge_requests/414"}], "descriptions": [{"lang": "en", "value": "OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T13:55:12.232Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30078", "state": "PUBLISHED", "dateUpdated": "2026-04-06T14:09:30.380Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-06T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openairinterface:oai-cn5g-amf:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BB4900E-B5A7-40ED-8DA6-4E372D5036D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome."}], "id": "CVE-2026-30078", "lastModified": "2026-04-10T18:26:05.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-06T14:16:22.807", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/74"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/merge_requests/414"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.2.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "oai-cn5g-amf", "vendor": "openairinterface"}], "analysis": {"en": {"generated_at": "2026-04-10T19:30:50.064531+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s update that addresses NGAP message validation in OpenAirInterface AMF 2.2.0 or later.", "If upgrading is not feasible immediately, limit external access to the AMF and consider blocking abnormal NGAP traffic with firewall rules.", "Enable detailed logging for AMF control plane activities and observe for repeated crashes or malformed messages."], "summary": {"action": "Patch Immediately", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "OpenAirInterface CN5G AMF version 2.2.0 is affected. No other versions are explicitly listed in the advisory, so operators running that release should treat the component as vulnerable.", "description_and_impact": "The defect allows an attacker to cause a crash in the OpenAirInterface 2.2.0 AMF by sending an NGAP message that contains an invalid procedure code or mismatched PDU type. When the AMF processes such a message it terminates unexpectedly, resulting in a denial\u2011of\u2011service condition that can disrupt the availability of the 5G core network for all users connected to that AMF. The weakness arises from improper input validation, identified as CWE\u201120, and could potentially be exploited by any entity able to inject malformed NGAP traffic into the AMF.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a substantial risk to availability, while the EPSS score is below 1\u202f%, suggesting that automated exploitation is unlikely at present, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector involves a network-based injection of malformed NGAP messages into the AMF. If an attacker has network access to the AMF, the flaw can be exploited in a real\u2011world setting, leading to repeated crashes and service disruption."}}}}, "created": "2026-04-06T20:22:10.498160+00:00", "updated": "2026-04-13T14:27:57.017934+00:00", "vendors": ["openairinterface", "openairinterface$PRODUCT$oai-cn5g-amf"]}