CVE-2026-30079: In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration proced
infovulnerability
security
Summary
CVE-2026-30079 is a vulnerability in OpenAirInterface V2.2.0 AMF (access and mobility management function, which handles device registration in mobile networks) where out-of-sequence messages (messages arriving in the wrong order) cause incorrect state transitions during user equipment registration. An attacker can send a SecurityModeComplete message before the proper initial registration is complete, causing the system to accept and register a device without performing proper authentication checks.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
April 7, 2026
Classification
Attack SophisticationModerate
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-30079
First tracked: April 7, 2026 at 02:08 PM
Classified by LLM (prompt v3) · confidence: 95%