Free5GC AMF: Four Memory Corruption CVEs Disclosed in NGAP Handlers
Four medium-severity memory corruption vulnerabilities were disclosed together on May 23, 2026, in the Free5GC Access and Mobility Management Function (AMF), all affecting NGAP message handlers up to version 2.1.1.

Key findings
- All four CVEs (CVE-2026-9298 through CVE-2026-9301) share CVSSv3 6.3 and the same memory corruption root cause
- Each flaw lives in a different NGAP message handler: PathSwitchRequest, PDUSessionResourceModifyIndication, NGSetupRequest, and NGReset
- Exploits for all four vulnerabilities have been made public, increasing risk of in-the-wild attacks
- Affected software is Free5GC AMF up to version 2.1.1; patches are available
- All vulnerabilities are remotely exploitable over the N2 signaling interface
On May 23, 2026, four CVEs were published targeting the Free5GC AMF (Access and Mobility Management Function), a core component of the open-source 5G Core network project (formerly omec-project). All four vulnerabilities — CVE-2026-9298, CVE-2026-9299, CVE-2026-9300, and CVE-2026-9301 — share a CVSSv3 score of 6.3 (Medium) and the same root cause: memory corruption triggered via malformed NGAP (Next Generation Application Protocol) messages. Exploits for all four have been made public, raising the urgency for operators running 5G Core testbeds or production deployments based on Free5GC.
The four CVEs cluster around distinct NGAP message handlers, each of which processes a specific 5G signaling procedure:
- **CVE-2026-9298 targets the PathSwitchRequest Handler** — the component responsible for handling path switch requests during handovers between gNodeBs. A crafted PathSwitchRequest message can corrupt memory in the AMF's NGAP processing pipeline.
- **CVE-2026-9299 affects the PDUSessionResourceModifyIndication** function in the file /go/src/amf/ngap/handler.go. This handler processes PDU session resource modification indications from the radio access network; a malformed indication triggers memory corruption.
- **CVE-2026-9300 resides in the NGSetupRequest Handler**, which handles the initial NGAP setup procedure between the AMF and a gNodeB. An attacker able to reach this interface can trigger corruption during the setup negotiation.
- **CVE-2026-9301 is in the NGReset Message Handler**, which processes reset messages used to reinitialize NGAP associations. Memory corruption here could allow an attacker to destabilize the control plane.
All four vulnerabilities are remotely exploitable — an attacker with network access to the AMF's N2 interface (the signaling interface between the radio access network and the 5G Core) can send specially crafted NGAP messages to trigger the flaws. The fact that all four exploits have been publicly disclosed means that proof-of-concept code is available, lowering the barrier for adversaries.
The affected software is the omec-project AMF (Free5GC's AMF implementation) up to and including version 2.1.1. The project's repository and advisory channels recommend applying patches. Given the public exploit disclosure and the critical role the AMF plays in 5G core signaling — handling registration, mobility, session management, and paging — unpatched instances are at risk of denial of service or potentially more severe control-plane compromise.
Operators using Free5GC should immediately update to a patched version of the AMF beyond 2.1.1. As a mitigation, restricting network access to the N2 interface to only trusted gNodeBs and implementing NGAP message validation at the network perimeter can reduce the attack surface. This batch of disclosures underscores a recurring theme in open-source 5G Core implementations: as these projects mature, the NGAP protocol layer — a complex, stateful interface — remains a fertile ground for memory safety issues. Expect continued scrutiny of NGAP handlers in Free5GC and sibling projects like Open5GS in the coming months.
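The N2 access restriction recommended above can be expressed as a host firewall allow-list. The following is an added example, not code from Free5GC or from the advisory: it renders an nftables ruleset from a list of trusted gNodeB prefixes and flags observed peers outside that list. It assumes NGAP runs over SCTP on its IANA-registered port 38412; the table name, function names and all addresses are constructed for illustration.

```python
import ipaddress

NGAP_SCTP_PORT = 38412  # IANA-registered NGAP port; assumed unchanged in this deployment

# Constructed sample data (documentation address ranges), not from the advisory.
TRUSTED_GNBS = ["192.0.2.0/28", "2001:db8:a::/64"]
OBSERVED_PEERS = ["192.0.2.5", "198.51.100.9", "2001:db8:a::10", "192.0.2.200"]

def render_n2_allowlist(trusted_gnbs, port=NGAP_SCTP_PORT):
    """Build an nftables ruleset admitting SCTP to the N2 port only from trusted gNodeBs."""
    v4, v6 = [], []
    for entry in trusted_gnbs:
        # strict=True rejects typos such as 192.0.2.7/28 (host bits set).
        net = ipaddress.ip_network(entry, strict=True)
        if net.prefixlen == 0:
            raise ValueError(f"refusing catch-all prefix {entry}")
        (v4 if net.version == 4 else v6).append(str(net))
    if not (v4 or v6):
        raise ValueError("empty allow-list would cut off every gNodeB")
    rules = ["table inet n2_filter {", "  chain input {",
             "    type filter hook input priority 0; policy accept;"]
    if v4:
        rules.append(f"    sctp dport {port} ip saddr {{ {', '.join(v4)} }} accept")
    if v6:
        rules.append(f"    sctp dport {port} ip6 saddr {{ {', '.join(v6)} }} accept")
    # Everything else aimed at the NGAP port is counted and dropped.
    rules += [f"    sctp dport {port} counter drop", "  }", "}"]
    return "\n".join(rules)

def untrusted_peers(observed_peers, trusted_gnbs):
    """Return observed N2 peer addresses that fall outside the allow-list."""
    nets = [ipaddress.ip_network(n, strict=True) for n in trusted_gnbs]
    return sorted({p for p in observed_peers
                   if not any(ipaddress.ip_address(p) in n for n in nets)})

if __name__ == "__main__":
    print(render_n2_allowlist(TRUSTED_GNBS))
    print("outside allow-list:", untrusted_peers(OBSERVED_PEERS, TRUSTED_GNBS))
```

The filter only narrows who can reach the NGAP handlers; a permitted gNodeB address can still deliver a malformed message, so it complements the update rather than replacing it.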