CVE-2026-8780: AMF Improperly Restricts Operations within the Bounds of a Memory Buffer

May 18, 2026 (updated May 28, 2026)

A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues.

References

github.com/advisories/GHSA-3x4g-259h-5p7c
github.com/omec-project/amf
github.com/omec-project/amf/issues/670
github.com/omec-project/amf/pull/666
github.com/omec-project/amf/releases/tag/v2.2.0
nvd.nist.gov/vuln/detail/CVE-2026-8780
vuldb.com/submit/811617
vuldb.com/vuln/364404
vuldb.com/vuln/364404/cti

Code Behaviors & Features

Detect and mitigate CVE-2026-8780 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →