CVE-2026-30075
Published: 08 April 2026
Summary
CVE-2026-30075 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Openairinterface Oai-Cn5G-Amf. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 29.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Implements input validation on UplinkNASTransport messages containing NAS PDUs to reject oversized authentication responses before processing by AUSF.
Deploys denial-of-service protection at network entry points to limit the impact of crash-inducing malformed messages targeting AUSF.
Ensures graceful error handling in AUSF during verification of invalid oversized responses to avoid system crashes.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in network-exposed AUSF service is directly exploited by unauthenticated remote attacker to trigger application crash and DoS (A:H impact, no RCE or data access).
NVD Description
OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF…
more
crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS).
Deeper analysisAI
CVE-2026-30075 is a buffer overflow vulnerability (CWE-120) affecting OpenAirInterface version 2.2.0, specifically in the AUSF (Authentication Server Function) component of the OAI-CN5G suite. The issue arises during processing of an UplinkNASTransport message containing an Authentication Response with a NAS PDU that includes an oversize response, such as one exceeding 100 bytes. The AMF (Access and Mobility Management Function) decodes the response and forwards it to AUSF for verification, triggering the overflow and subsequent crash in AUSF. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact with no confidentiality or integrity effects.
The vulnerability can be exploited remotely over the network by unauthenticated attackers with low complexity and no user interaction required. An attacker crafts and sends a malicious UplinkNASTransport message with an oversized Authentication Response NAS PDU, which causes the AUSF component to crash upon receipt. This results in a denial-of-service condition, preventing legitimate users from completing registration and authentication processes.
The issue is tracked in GitLab repositories for the oai-cn5g-ausf project, specifically issue #6, where details on the buffer overflow and its impact on AUSF are documented. No specific patch or mitigation details are outlined in the provided CVE references.
Details
- CWE(s)