CVE-2026-14624
MEDIUMomec-project amf NGSetupRequest handler.go denial of service
Title source: cnaDescription
A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is 34bc6724acc97dba1f8691e586da95b042cb612d. To fix this issue, it is recommended to deploy a patch.
References (8)
Core 8
Core References
Vdb Entry vdb-entry
VDB-376140 | omec-project amf NGSetupRequest handler.go denial of service
https://vuldb.com/vuln/376140
Signature, Permissions Required signature
permissions-required
VDB-376140 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/376140/cti
Third Party Advisory third-party-advisory
CVE-2026-14624 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-14624
Third Party Advisory third-party-advisory
Submit #845349 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption
https://vuldb.com/submit/845349
Exploit exploit
issue-tracking
https://github.com/omec-project/amf/issues/677
Patch issue-tracking
patch
https://github.com/omec-project/amf/pull/666
Product product
https://github.com/omec-project/amf/
Scores
CVSS v3
4.3
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-404
Status
published
Products (5)
omec-project/amf
2.0.0
omec-project/amf
2.0.1
omec-project/amf
2.0.2
omec-project/amf
2.1.0
omec-project/amf
2.1.1
Published
Jul 04, 2026
Tracked Since
Jul 04, 2026