CVE-2026-8782: AMF Vulnerable to Improper Resource Shutdown or Release

May 18, 2026 (updated May 28, 2026)

A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.2.0 mitigates this issue. It is recommended to upgrade the affected component. The same pull request fixes multiple security issues.

References

github.com/advisories/GHSA-6h8r-h22r-jj64
github.com/omec-project/amf
github.com/omec-project/amf/issues/674
github.com/omec-project/amf/pull/666
github.com/omec-project/amf/releases/tag/v2.2.0
nvd.nist.gov/vuln/detail/CVE-2026-8782
vuldb.com/submit/811654
vuldb.com/vuln/364406
vuldb.com/vuln/364406/cti

Code Behaviors & Features

Detect and mitigate CVE-2026-8782 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →