CVE-2026-14624

Source
https://cve.org/CVERecord?id=CVE-2026-14624
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-14624.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-14624
Published
2026-07-04T10:15:10.107Z
Modified
2026-07-15T01:49:03.827774949Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
omec-project amf NGSetupRequest handler.go denial of service
Details

A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is 34bc6724acc97dba1f8691e586da95b042cb612d. To fix this issue, it is recommended to deploy a patch.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/14xxx/CVE-2026-14624.json",
    "cwe_ids": [
        "CWE-404"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/omec-project/amf

Affected ranges

Type
GIT
Repo
https://github.com/omec-project/amf
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "2.0.0"
        },
        {
            "last_affected": "2.0.0"
        },
        {
            "introduced": "2.0.1"
        },
        {
            "last_affected": "2.0.1"
        },
        {
            "introduced": "2.0.2"
        },
        {
            "last_affected": "2.0.2"
        },
        {
            "introduced": "2.1.0"
        },
        {
            "last_affected": "2.1.0"
        },
        {
            "introduced": "2.1.1"
        },
        {
            "last_affected": "2.1.1"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.0.0
2.0.1
2.0.2
2.1.0
2.1.1
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.1.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-14624.json"