CVE-2026-14624

MEDIUM

omec-project amf NGSetupRequest handler.go denial of service

Title source: cna
STIX 2.1

Description

A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is 34bc6724acc97dba1f8691e586da95b042cb612d. To fix this issue, it is recommended to deploy a patch.

References (8)

Core 8
Core References
Vdb Entry vdb-entry
VDB-376140 | omec-project amf NGSetupRequest handler.go denial of service
https://vuldb.com/vuln/376140
Signature, Permissions Required signature permissions-required
VDB-376140 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/376140/cti
Third Party Advisory third-party-advisory
CVE-2026-14624 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-14624
Third Party Advisory third-party-advisory
Submit #845349 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption
https://vuldb.com/submit/845349
Exploit exploit issue-tracking
https://github.com/omec-project/amf/issues/677

Scores

CVSS v3 4.3
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Details

CWE
CWE-404
Status published
Products (5)
omec-project/amf 2.0.0
omec-project/amf 2.0.1
omec-project/amf 2.0.2
omec-project/amf 2.1.0
omec-project/amf 2.1.1
Published Jul 04, 2026
Tracked Since Jul 04, 2026