PatchSiren

omec-project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW omec-project CVE published 2026-07-04

CVE-2026-14623

CVE-2026-14623 is a vulnerability in omec-project amf up to 2.1.1. The issue affects the RRCInactiveTransitionReport function in the NGAP Message Handler component. This vulnerability can lead to denial of service and may be exploited remotely. The exploit has been publicly disclosed. A patch, 34bc6724acc97dba1f8691e586da95b042cb612d, is available to remediate this issue.

LOW omec-project CVE published 2026-05-23

CVE-2026-9301

A memory corruption vulnerability exists in the omec-project AMF (Access and Mobility Management Function) software, affecting versions up to 2.1.1. The flaw resides in the NGReset message handler component, where improper input validation allows remote attackers to trigger memory corruption through crafted NGReset messages. The vulnerability has been publicly disclosed with proof-of-concept availability, [truncated]

LOW omec-project CVE published 2026-05-18

CVE-2026-8783

CVE-2026-8783 is a low-severity but remotely reachable availability issue in omec-project amf. The vulnerability is described as a null pointer dereference in UERadioCapabilityCheckResponse within ngap/dispatcher.go, affecting versions up to 2.1.3-dev. The supplied source material states that the issue can be triggered remotely and that public exploitation details have been disclosed. Version 2.2.0 is ide [truncated]

LOW omec-project CVE published 2026-05-18

CVE-2026-8782

A null pointer dereference vulnerability exists in the OMEC Project AMF (Access and Mobility Management Function) NGAP message handler, affecting versions up to 2.1.3-dev. The flaw resides in ngap/handler.go and can be triggered remotely by an authenticated attacker with low privileges. Successful exploitation causes availability impact through service disruption. The vulnerability has been publicly discl [truncated]

LOW omec-project CVE published 2026-05-18

CVE-2026-8780

A memory corruption vulnerability exists in the OMEC Project AMF (Access and Mobility Management Function) up to version 2.1.3-dev. The flaw resides in an unknown function within the NGAP Message Handler component, specifically in the file ngap/dispatcher.go. Remote attackers can exploit this vulnerability to trigger memory corruption. The CVSS 4.0 score of 2.1 reflects low severity with network attack ve [truncated]

LOW omec-project CVE published 2026-05-18

CVE-2026-8779

A memory corruption vulnerability exists in the OMEC Project AMF (Access and Mobility Management Function) software, affecting versions up to and including 2.1.3-dev. The flaw resides in the NGSetupRequest function within ngap/handler.go, where improper handling of the InformationElement argument can lead to memory corruption. This vulnerability is remotely exploitable and has been publicly disclosed. The [truncated]