CVE Catalog

CVE-2026-14624

MediumCVSS 4.3
Published: Translated: NVD NIST

Summary

A vulnerability in omec-project amf up to version 2.0.2/2.1.1 affects the NGSetupRequest handler in handler.go, leading to denial of service (DoS). The attack is remotely exploitable and a public exploit exists.

Risk Assessment

The organization faces DoS attacks that can disrupt 5G network operations by overloading the AMF component. The public exploit increases the risk of rapid exploitation.

Recommendation

Apply the patch identified by commit 34bc6724acc97dba1f8691e586da95b042cb612d immediately. Update to the latest version of omec-project amf.

Original NVD description (English source)

A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is 34bc6724acc97dba1f8691e586da95b042cb612d. To fix this issue, it is recommended to deploy a patch.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS