CVE-2026-8780 — AMF Improperly Restricts Operations within the Bounds of a Memory Buffer

Description

A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues.

How to fix CVE-2026-8780

To remediate CVE-2026-8780, upgrade the affected package to a fixed version below.

—upgrade to 2.2.0 or later

Is CVE-2026-8780 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 2.2.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-8780
PATCHgithub.com/omec-project/amf
WEBgithub.com/omec-project/amf/issues/670
WEBgithub.com/omec-project/amf/pull/666
WEBgithub.com