Unrated severityNVD Advisory· Published May 23, 2026

omec-project amf handler.go PDUSessionResourceModifyIndication memory corruption

CVE-2026-9299

Description

A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and may be used. Applying a patch is the recommended action to fix this issue.

Affected products

Free5gc/Amfinferred2 versions
<=2.1.1+ 1 more
- (no CPE)range: <=2.1.1
- (no CPE)range: <=2.1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/omec-project/amf/pull/666mitreissue-trackingpatch
github.com/omec-project/amf/issues/681mitreexploitissue-tracking
vuldb.com/submit/811829mitrethird-party-advisory
vuldb.com/vuln/365246mitrevdb-entrytechnical-description
vuldb.com/vuln/365246/ctimitresignaturepermissions-required

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000