CVE-2026-30078: OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. Fo
highvulnerability
security
Summary
OpenAirInterface V2.2.0 AMF (access and mobility management function, a component that handles device connections in 5G networks) crashes when it receives an NGAP message (a protocol used for communication in 5G networks) with an invalid procedure code or incorrect PDU-type (message format indicator). For example, the software crashes if a message is sent in the wrong format, such as using successfulOutcome when InitiatingMessage is required.
Vulnerability Details
CVSS Score
7.5(high)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
network
Attack Complexity
low
Privileges Required
none
User Interaction
none
Disclosure Date
April 6, 2026
Classification
Attack SophisticationTrivial
Taxonomy References
CWE (Weakness Type)
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-30078
First tracked: April 6, 2026 at 02:08 PM
Classified by LLM (prompt v3) · confidence: 95%