Cyber Resilience

CVE-2026-30075

HighPublic PoC

Published: 08 April 2026

Published
08 April 2026
Modified
14 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0015 36.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30075 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Openairinterface Oai-Cn5G-Amf. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 36.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-30075 is a buffer overflow vulnerability (CWE-120) affecting OpenAirInterface version 2.2.0, specifically in the AUSF (Authentication Server Function) component of the OAI-CN5G suite. The issue arises during processing of an UplinkNASTransport message containing an Authentication Response with a NAS PDU that includes an oversize response, such as one exceeding 100 bytes. The AMF (Access and Mobility Management Function) decodes the response and forwards it to AUSF for verification, triggering the overflow and subsequent crash in AUSF. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact with no confidentiality or integrity effects.

The vulnerability can be exploited remotely over the network by unauthenticated attackers with low complexity and no user interaction required. An attacker crafts and sends a malicious UplinkNASTransport message with an oversized Authentication Response NAS PDU, which causes the AUSF component to crash upon receipt. This results in a denial-of-service condition, preventing legitimate users from completing registration and authentication processes.

The issue is tracked in GitLab repositories for the oai-cn5g-ausf project, specifically issue #6, where details on the buffer overflow and its impact on AUSF are documented. No specific patch or mitigation details are outlined in the provided CVE references.

EU & UK References

Vulnerability details

OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF…

more

crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS).

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Buffer overflow in network-exposed AUSF service is directly exploited by unauthenticated remote attacker to trigger application crash and DoS (A:H impact, no RCE or data access).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-30078Same product: Openairinterface Oai-Cn5G-Amf
CVE-2025-66786Same product: Openairinterface Oai-Cn5G-Amf
CVE-2025-65805Same product: Openairinterface Oai-Cn5G-Amf
CVE-2026-30080Same product: Openairinterface Oai-Cn5G-Amf
CVE-2026-30079Same product: Openairinterface Oai-Cn5G-Amf
CVE-2026-37232Same vendor: Openairinterface
CVE-2025-20115Shared CWE-120
CVE-2020-37205Shared CWE-120
CVE-2026-28875Shared CWE-120
CVE-2020-37194Shared CWE-120

Affected Assets

openairinterface
oai-cn5g-amf
2.2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Implements input validation on UplinkNASTransport messages containing NAS PDUs to reject oversized authentication responses before processing by AUSF.

prevent

Deploys denial-of-service protection at network entry points to limit the impact of crash-inducing malformed messages targeting AUSF.

prevent

Ensures graceful error handling in AUSF during verification of invalid oversized responses to avoid system crashes.

References