CVE-2026-30078

HighPublic PoC

Published: 06 April 2026

Published

06 April 2026

Modified

10 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0007 20.5th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30078 is a high-severity Improper Input Validation (CWE-20) vulnerability in Openairinterface Oai-Cn5G-Amf. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 20.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly enforces validation of NGAP message procedure codes and PDU-types to prevent crashes from invalid inputs in the AMF.

SI-11 Error Handling good match

prevent

Ensures the AMF handles parsing errors from invalid NGAP messages gracefully without crashing, mitigating the DoS condition.

SI-2 Flaw Remediation good match

prevent

Requires timely patching of the identified input validation flaw in OpenAirInterface AMF as referenced in the merge request, eliminating the vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

The vulnerability allows remote attackers to crash the AMF via malformed NGAP messages due to improper input validation, directly enabling Endpoint Denial of Service through application exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome.

Deeper analysisAI

CVE-2026-30078 is a vulnerability in the Access and Mobility Management Function (AMF) component of OpenAirInterface version 2.2.0. It stems from improper input validation (CWE-20), where the AMF crashes upon receiving an NGAP message with an invalid procedure code or PDU-type. For instance, the crash occurs if a message expecting an InitiatingMessage is sent with a successfulOutcome instead.

The vulnerability enables remote exploitation over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N), no user interaction (UI:N), and no change in scope (S:U). Per the CVSS v3.1 base score of 7.5 (C:N/I:N/A:H), attackers can achieve a denial-of-service condition by crashing the AMF, disrupting service availability without impacting confidentiality or integrity.

Advisories reference OpenAirInterface's GitLab repository for mitigation, including issue tracker entry https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/74 detailing the problem and merge request https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/merge_requests/414 addressing the fix. Security practitioners should review these for patching instructions applicable to affected deployments.