CVE-2026-8783: AMF Vulnerable to Improper Resource Shutdown or Release

May 18, 2026 (updated May 28, 2026)

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.2.0 will fix this issue. Upgrading the affected component is advised. The same pull request fixes multiple security issues.

References

github.com/advisories/GHSA-6v92-ph9p-hrpc
github.com/omec-project/amf
github.com/omec-project/amf/issues/675
github.com/omec-project/amf/pull/666
github.com/omec-project/amf/releases/tag/v2.2.0
nvd.nist.gov/vuln/detail/CVE-2026-8783
vuldb.com/submit/811655
vuldb.com/vuln/364407
vuldb.com/vuln/364407/cti

Code Behaviors & Features

Detect and mitigate CVE-2026-8783 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →