AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-30080: OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported int

infovulnerability

security

Source: NVD/CVE DatabaseApril 8, 2026CVE-2026-30080

Summary

OpenAirInterface v2.2.0 has a security flaw where it accepts a Security Mode Complete message without integrity protection (IA0, a setting that provides no message integrity checking) even though it supports stronger options like NIA1 and NIA2 (integrity protection methods). This allows attackers to perform replay attacks (sending the same captured message multiple times to trick the system), because the weakest security setting is allowed.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Disclosure Date

April 8, 2026

Classification

Attack SophisticationModerate

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-30080

First tracked: April 8, 2026 at 02:07 PM

Classified by LLM (prompt v3) · confidence: 95%