What is GHSA-4qf2-p32m-7hmf?

GHSA-4qf2-p32m-7hmf is a security advisory published by GitHub Security Advisories with Low severity. AMF Vulnerable to Improper Resource Shutdown or Release

Which CVE IDs does GHSA-4qf2-p32m-7hmf cover?

GHSA-4qf2-p32m-7hmf covers the following CVE IDs: CVE-2026-8781. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-4qf2-p32m-7hmf?

GHSA-4qf2-p32m-7hmf has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

Which products are affected by GHSA-4qf2-p32m-7hmf?

GHSA-4qf2-p32m-7hmf affects 1 product, including: go/github.com/omec-project/amf:\u003c 2.2.0.

GHSA-4qf2-p32m-7hmfLowCVSS 4.3

AMF Vulnerable to Improper Resource Shutdown or Release

Vendor

GitHub Security Advisories

Published

May 18, 2026

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2026-8781 →

📋 Description

A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 2.2.0 is sufficient to resolve this issue. Upgrading the affected component is recommended. The same pull request fixes multiple security issues.

🎯 Affected products1

go/github.com/omec-project/amf:< 2.2.0

🔗 References (9)

https://nvd.nist.gov/vuln/detail/CVE-2026-8781
https://github.com/omec-project/amf/issues/673
https://github.com/omec-project/amf/pull/666
https://github.com/omec-project/amf
https://github.com/omec-project/amf/releases/tag/v2.2.0
https://vuldb.com/submit/811653
https://vuldb.com/vuln/364405
https://vuldb.com/vuln/364405/cti
https://github.com/advisories/GHSA-4qf2-p32m-7hmf