CVE-2026-41136

free5GC AMF provides Access & Mobility Management Function AMF for free5GC, an an open-source project for 5th generation 5G mobile core networks. Prior to version 1.4.3, the HTTPUEContextTransfer handler in internal/sbi/apicommunication.go does not include a default case in the Content-Type switc...

amf 缓冲区错误漏洞

AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability. This vulnerability stems from unknown code in the NGReset Message Handler component, which may lead to memory corruption...

amf 缓冲区错误漏洞

AMF is a control plane function in the Aether SD-Core Project’s open-source 5G core network. Versions of AMF prior to 2.1.1 contained a buffer error vulnerability. This vulnerability originates from the PDUSessionResourceModifyIndication function in the /go/src/amf/ngap/handler.go file, and it...

CVE-2026-7706

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmmhandleservicerequest of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public a...

EUVD-2026-26699

A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amfnsmfpdusessionhandleupdatesmcontext of the file /src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit...

PT-2026-30603

OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome...

EUVD-2026-14264

A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called...

CVE-2025-70121

An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method NASMobileIdentity5GS.go when accessing index 5 of ...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Version 4.0.1 of free5GC contains a security vulnerability caused by an array index out-of-bounds issue in the AMF component. This vulnerability could allow remote attackers to cause denial-of-service attacks using a...

Open5GS 安全漏洞

Open5GS is an Open5GS open source C open source implementation of 5G Core and Epc, the core network of the Lte/Nr network. A security vulnerability exists in Open5GS version 2.7.5 and earlier, which stems from an assertion failure in the ngapbuilddownlinknastransport function in the AMF component...

PT-2025-36506

Name of the Vulnerable Software and Affected Versions: Open5GS versions through 2.7.5 Description: An assertion failure in the ngap build downlink nas transport function within the src/amf/ngap-build.c file, part of the Access and Mobility Management Function AMF component, can lead to a denial o...

CVE-2025-8804

A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ngapbuilddownlinknastransport of the component AMF. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-8804 Open5GS AMF ngap_build_downlink_nas_transport assertion

A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ngapbuilddownlinknastransport of the component AMF. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-8801

A vulnerability was found in Open5GS up to 2.7.5. This affects the function gmmstateexception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...

Open5GS 安全漏洞

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a denial of service vulnerability that can be exploited by an attacker to cause a crash caused by the AMF in commonregisterstate...

free5GC 安全漏洞

free5GC is a 5th Generation 5G mobile core network open source project by free5GC open source. A security vulnerability exists in free5GC version 4.0.0, which stems from a buffer overflow in the AMF component that could lead to a denial of service...

Open5GS 安全漏洞

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a denial-of-service vulnerability that stems from the gmmstateexception function mishandling a specific response error, which can be exploited by an...

OpenAirInterface CN5G AMF 代码问题漏洞

OpenAirInterface CN5G AMF is an OpenAirInterface open source application. A security vulnerability exists in OpenAirInterface CN5G AMF v2.0.0 and earlier versions that stems from the presence of uninitialized pointer dereferences, which allows an attacker to trigger a denial of service DoS via a...

Ericsson Packet Core Controller 安全漏洞

Ericsson Packet Core Controller Ericsson PCC is a packet core controller from Ericsson, Sweden. A security vulnerability exists in Ericsson Packet Core Controller versions prior to 1.33 that stems from improper input validation in the Access and Mobility Management Function component, which could...

Open5GS Denial of Service Vulnerability (CNVD-2025-18585)

Open5GS is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a denial of service vulnerability that can be exploited by an attacker to cause AMF to crash...