CVE-2026-30077
HIGHCVSS 7.5/10EPSS 0.27%
Last modified
CVE-2026-30077 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openairinterface | Openairinterface | 2.2.0 |
References
- https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/76Issue Tracking, Third Party Advisory
- https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/merge_requests/414Issue Tracking, Mitigation
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-30077?
OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88.
How severe is CVE-2026-30077?
CVE-2026-30077 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.
How do I fix CVE-2026-30077?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2026-30077?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST