Back to overview

CVE-2026-14624

MEDIUM
4.3
CVSS 3.1
Description
A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is 34bc6724acc97dba1f8691e586da95b042cb612d. To fix this issue, it is recommended to deploy a patch.

Metadata

CVE ID
CVE-2026-14624
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-03 17:01 UTC
Published
2026-07-04 10:15 UTC
Last updated
2026-07-04 10:15 UTC
Primary CWE
CWE-404
Denial of Service
Vendor / Product
omec-project / amf
Sources
cve.org  ·  NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
Affected products (1)
VendorProductPlatformVersions
omec-project amf 2.0.0, 2.0.1, 2.0.2, 2.1.0 …
Weakness (CWE)
CWESourceDescription
CWE-404 cna Denial of Service
CVSS scores (4)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
4.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4.3 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4.0 N/D 2.0 cna AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
References (8)
Back to overview