Four Memory Corruption CVEs Disclosed in Free5GC AMF NGAP Handlers
Four medium-severity memory corruption vulnerabilities were disclosed in the Free5GC Access and Mobility Management Function, all affecting NGAP message handlers with public exploits available.
On May 23, 2026, four CVEs were published targeting the Free5GC AMF (Access and Mobility Management Function), a core component of the open-source 5G Core network project (formerly omec-project). All four vulnerabilities — CVE-2026-9298, CVE-2026-9299, CVE-2026-9300, and CVE-2026-9301 — share a CVSSv3 score of 6.3 (Medium) and the same root cause: memory corruption triggered via malformed NGAP (Next Generation Application Protocol) messages. Exploits for all four have been made public, raising the urgency for operators running 5G Core testbeds or production deployments based on Free5GC.
The four CVEs cluster around distinct NGAP message handlers, each of which processes a specific 5G signaling procedure. CVE-2026-9298 targets the PathSwitchRequest Handler, responsible for handling path switch requests during handovers between gNodeBs. A crafted PathSwitchRequest message can corrupt memory in the AMF's NGAP processing pipeline. CVE-2026-9299 affects the PDUSessionResourceModifyIndication function in the file /go/src/amf/ngap/handler.go, which processes PDU session resource modification indications from the radio access network; a malformed indication triggers memory corruption.
CVE-2026-9300 resides in the NGSetupRequest Handler, which handles the initial NGAP setup procedure between the AMF and a gNodeB. An attacker able to reach this interface can trigger corruption during the setup negotiation. CVE-2026-9301 is in the NGReset Message Handler, which processes reset messages used to reinitialize NGAP associations. Memory corruption here could allow an attacker to destabilize the control plane.
All four vulnerabilities are remotely exploitable — an attacker with network access to the AMF's N2 interface (the signaling interface between the radio access network and the 5G Core) can send specially crafted NGAP messages to trigger the flaws. The fact that all four exploits have been publicly disclosed means that proof-of-concept code is available, lowering the barrier for adversaries.
The affected software is the omec-project AMF (Free5GC's AMF implementation) up to and including version 2.1.1. The project's repository and advisory channels recommend applying patches. Given the public exploit disclosure and the critical role the AMF plays in 5G core signaling — handling registration, mobility, session management, and paging — unpatched instances are at risk of denial of service or potentially more severe control-plane compromise.
Operators using Free5GC should immediately update to a patched version of the AMF beyond 2.1.1. As a mitigation, restricting network access to the N2 interface to only trusted gNodeBs and implementing NGAP message validation at the network perimeter can reduce the attack surface. This batch of disclosures underscores a recurring theme in open-source 5G Core implementations: as these projects mature, the NGAP protocol layer — a complex, stateful interface — remains a fertile ground for memory safety issues. Expect continued scrutiny of NGAP handlers in Free5GC and sibling projects like Open5GS in the coming months.