CVE-2026-8349 Overview
CVE-2026-8349 is a memory corruption vulnerability in the omec-project Access and Mobility Management Function (AMF) component used in 5G core network deployments. The flaw affects versions up to and including 2.1.1 and resides in the NGAP (NG Application Protocol) Message Handler. An authenticated remote attacker with low privileges can trigger memory corruption by sending crafted NGAP messages to the AMF. The issue is tracked under [CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer]. A public exploit has been disclosed, and a patch identified by hash 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa is available in release 2.2.1.
Critical Impact
Remote attackers with low privileges can corrupt AMF memory through crafted NGAP messages, potentially disrupting 5G core network availability.
Affected Products
- omec-project AMF versions up to 2.1.1
- omec-project 5GC AMF Docker images prior to rel-2.2.1
- 5G core deployments based on the OMEC project AMF component
Discovery Timeline
- 2026-05-12 - CVE-2026-8349 published to NVD
- 2026-05-13 - Last updated in NVD database
Technical Details for CVE-2026-8349
Vulnerability Analysis
The vulnerability resides in the NGAP Message Handler of the omec-project AMF. NGAP is the signaling protocol between the 5G Radio Access Network (RAN) and the AMF in the 5G core. When the handler parses certain message fields, it fails to enforce proper memory bounds, resulting in memory corruption. The flaw is categorized under [CWE-119], which covers improper restriction of operations within buffer boundaries.
The attack is remotely exploitable across the network and requires only low privileges. No user interaction is required. The available exploit and public patch increase the urgency of remediation for operators running unpatched OMEC AMF instances.
Root Cause
The root cause is improper validation of input boundaries within NGAP message decoding logic. When malformed or oversized fields are processed, the handler operates outside the intended buffer limits, corrupting adjacent memory. This class of defect typically results from missing length checks before copy operations or pointer arithmetic on attacker-controlled offsets.
Attack Vector
An attacker who can reach the AMF's NGAP interface and present low-privilege credentials sends a manipulated NGAP message. The malformed message exercises the vulnerable parsing path, corrupting AMF process memory. Depending on the corrupted structure, this can degrade AMF availability and disrupt subscriber signaling across the 5G core.
No verified exploit code is reproduced here. Technical details and the corrective change are documented in GitHub Issue #672 and Pull Request #666.
Detection Methods for CVE-2026-8349
Indicators of Compromise
- Unexpected AMF process crashes, restarts, or container terminations following NGAP traffic spikes
- Malformed or oversized NGAP PDUs originating from unexpected gNB peers
- AMF log entries referencing decoder errors or aborted NGAP procedures
Detection Strategies
- Monitor AMF container exit codes and restart counters in Kubernetes for anomalies correlated with signaling traffic
- Inspect NGAP traffic at the N2 interface for malformed IEs and protocol violations using a 5G-aware probe
- Baseline normal NGAP message rates and field sizes per gNB peer and alert on deviations
Monitoring Recommendations
- Centralize AMF and NGAP gateway logs and correlate with peer identity and source address
- Track image digests against the patched rel-2.2.1 Docker layer hash 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa
- Alert on AMF crash loops or memory-related signals such as SIGSEGV and OOM kills
How to Mitigate CVE-2026-8349
Immediate Actions Required
- Upgrade omec-project AMF to release 2.2.1 or later, which contains the patch referenced in Pull Request #666
- Pull and deploy the patched container image from the 5GC AMF Docker Hub layer
- Restrict NGAP (N2) reachability to authorized gNB peers only via network segmentation and firewall rules
Patch Information
The fix is published in the omec-project AMF repository and tracked in GitHub Issue #672. The corresponding patched container image is identified by SHA256 digest 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa and tagged rel-2.2.1. Additional vulnerability metadata is available in VulDB entry #362663.
Workarounds
- Enforce strict allowlists on the N2 interface so only trusted gNBs can establish NGAP associations
- Deploy a 5G-aware network function or signaling firewall to drop malformed NGAP PDUs before they reach the AMF
- Configure container orchestration to rate-limit AMF restarts and isolate impacted pods to preserve service continuity
# Pull and deploy the patched AMF image
docker pull omecproject/5gc-amf:rel-2.2.1
# Verify the image digest matches the patched layer
docker inspect --format='{{index .RepoDigests 0}}' omecproject/5gc-amf:rel-2.2.1
# Expected digest contains:
# sha256:8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
