CVE-2026-9299 Overview
CVE-2026-9299 is a memory corruption vulnerability affecting the omec-project Access and Mobility Management Function (AMF) through version 2.1.1. The flaw resides in the PDUSessionResourceModifyIndication function within /go/src/amf/ngap/handler.go. Remote attackers with low-level privileges can trigger the condition over the network to corrupt memory in the AMF process. The issue is classified under [CWE-119] (Improper Restriction of Operations within the Bounds of a Memory Buffer). A public exploit has been disclosed, and a patch is available through the upstream repository.
Critical Impact
Remote, authenticated attackers can corrupt AMF memory by sending crafted NGAP PDU Session Resource Modify Indication messages, potentially disrupting 5G core mobility management services.
Affected Products
- omec-project AMF versions up to and including 2.1.1
- 5G core deployments using the affected AMF component
- OMEC Project NGAP handler module (/go/src/amf/ngap/handler.go)
Discovery Timeline
- 2026-05-23 - CVE-2026-9299 published to NVD
- 2026-05-26 - Last updated in NVD database
Technical Details for CVE-2026-9299
Vulnerability Analysis
The omec-project AMF implements 5G NG Application Protocol (NGAP) message handlers for managing user equipment sessions. The PDUSessionResourceModifyIndication handler in handler.go processes incoming session modification indications from the User Plane Function (UPF) or Session Management Function (SMF). Improper boundary handling within this routine allows attacker-influenced input to corrupt memory structures used by the AMF process. The vulnerability is reachable remotely once a peer has established an NGAP association with the AMF, requiring low privileges as defined by the CVSS attack model.
The defect is tracked under [CWE-119], indicating improper restriction of operations within memory buffer bounds. In a Go-based service, such conditions typically produce panics, slice out-of-bounds access, or unsafe pointer manipulation leading to process disruption. The functional impact aligns with degraded availability and limited confidentiality or integrity exposure for the AMF subsystem.
Root Cause
The root cause lies in the parsing and handling logic of PDU Session Resource Modify Indication messages within PDUSessionResourceModifyIndication. The handler does not adequately validate the size or structure of input fields before performing memory operations. Attackers can craft NGAP messages that take advantage of this inadequate validation to induce out-of-bounds access or corruption of internal data structures.
Attack Vector
Exploitation occurs over the network through the N2 interface used between gNodeB elements and the AMF. An attacker with the ability to reach the AMF and authenticate at a low privilege level can send a malformed PDUSessionResourceModifyIndication NGAP message. Successful exploitation corrupts AMF memory, with effects ranging from process instability to limited integrity violations within the 5G control plane. A proof-of-concept has been published, increasing the likelihood of opportunistic exploitation in exposed environments.
For technical specifics, see GitHub Issue #681 and the corresponding GitHub Pull Request #666.
Detection Methods for CVE-2026-9299
Indicators of Compromise
- Unexpected AMF process crashes, panics, or restarts correlated with incoming NGAP traffic
- Anomalous PDUSessionResourceModifyIndication messages with malformed or oversized information elements
- NGAP session disruptions on the N2 interface without corresponding gNodeB-initiated events
- Log entries from handler.go indicating decoding errors or runtime panics
Detection Strategies
- Inspect NGAP traffic on the N2 interface for malformed PDU Session Resource Modify Indication procedures using a 5G-aware network analyzer
- Monitor AMF container or pod restart counts in Kubernetes deployments for abnormal spikes
- Enable verbose logging in the ngap package and alert on stack traces referencing PDUSessionResourceModifyIndication
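The stack-trace alert from the last bullet, as an added example (not omec-project code and not part of the original advisory): it raises a finding only when a Go runtime panic trace contains a frame for the handler, so routine log lines that merely name the procedure do not fire. The log prefix, package path, addresses and line number in the sample are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

const handlerName = "PDUSessionResourceModifyIndication" // handler named in the advisory

// Finding is one Go runtime panic whose stack trace names the handler.
type Finding struct {
	Line          int // 1-based line of the "panic:" header
	Reason, Frame string
}

// isTraceLine accepts blank lines, goroutine headers, tab-indented file:line locations and ")"-terminated frames.
func isTraceLine(l string) bool {
	return l == "" || strings.HasPrefix(l, "\t") ||
		strings.HasPrefix(l, "goroutine ") || strings.HasSuffix(l, ")")
}

// ScanPanics returns the panics in logText whose trace has a frame for handlerName.
func ScanPanics(logText string) []Finding {
	var out []Finding
	var cur *Finding // panic being read; nil outside a trace
	for n, line := range strings.Split(logText, "\n") {
		if i := strings.Index(line, "panic: "); i >= 0 {
			cur = &Finding{Line: n + 1, Reason: line[i+len("panic: "):]}
		} else if cur != nil && !isTraceLine(line) {
			cur = nil // trace ended
		} else if cur != nil && cur.Frame == "" && strings.Contains(line, handlerName) {
			cur.Frame = line
			out = append(out, *cur)
		}
	}
	return out
}

// Constructed sample: log prefix, package path, addresses and line number are invented.
var sampleLog = strings.Join([]string{
	"[INFO][AMF][NGAP] Handle PDUSessionResourceModifyIndication",
	"panic: runtime error: index out of range [4] with length 2",
	"",
	"goroutine 88 [running]:",
	"amf/ngap.PDUSessionResourceModifyIndication(0xc0001a2000, 0xc00031e180)",
	"\t/go/src/amf/ngap/handler.go:1000 +0x3c5",
}, "\n")

func main() { fmt.Printf("%+v\n", ScanPanics(sampleLog)) }
```

Feed it the AMF container's stderr; each finding carries the panic reason and the matching frame, which is what a SIEM rule would correlate with the N2 peer active at that time.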
Monitoring Recommendations
- Forward AMF stdout/stderr and Go runtime panic logs to a centralized SIEM for correlation
- Track NGAP message rates per peer gNodeB to identify abnormal modification indication volumes
- Establish baselines for AMF memory and goroutine counts and alert on deviations
How to Mitigate CVE-2026-9299
Immediate Actions Required
- Upgrade omec-project AMF to a version that includes the fix from GitHub Pull Request #666
- Restrict N2 interface connectivity to authorized gNodeB peers only, using network segmentation and mutual TLS where supported
- Audit AMF deployment manifests to ensure the patched container image is in use across all clusters
Patch Information
The upstream fix is available in the omec-project AMF repository via pull request #666. Operators should rebuild affected container images from patched source or pull updated tags once published. Validate the patched build by exercising PDU session modification flows in a staging environment before rolling out to production 5G cores. Additional context is provided in VulDB entry #365246.
Workarounds
- Apply strict NGAP peer allow-lists at the network layer to limit who can send modification indications to the AMF
- Deploy AMF instances behind a 5G-aware signaling firewall that validates NGAP message structure
- Enable automatic pod restart and rate limiting in orchestration platforms to contain availability impact until patching completes
```bash
# Example: restrict N2 interface to known gNodeB peers via NetworkPolicy
# Note: the SCTP rule is enforced only if the cluster's CNI plugin supports SCTP in NetworkPolicy
kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: amf-n2-allowlist
  namespace: omec
spec:
  podSelector:
    matchLabels:
      app: amf
  ingress:
    - from:
        - ipBlock:
            cidr: 10.20.30.0/24 # trusted gNodeB subnet
      ports:
        - protocol: SCTP
          port: 38412
EOF
```


