CVE-2026-30080

HIGH

OpenAirInterface 2.2.0 - Auth Bypass

Title source: llm

Description

OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context can lead to the possibility of replay attack.

References (1)

Core 1

Core References

https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/78

Scores

CVSS v3 7.5

EPSS 0.0025

EPSS Percentile 16.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-294

Status published

Products (1)

openairinterface/oai-cn5g-amf 2.2.0

Published Apr 08, 2026

Tracked Since Apr 08, 2026