Zero Day MonitorZDM

← Back to list

—

CVE-2026-30080

n/a · n/a

CVE-2026-30080: OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported int

Description

OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context can lead to the possibility of replay attack.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a, 2.2.0

References

https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/78

Related News (1 articles)

Tier C

VulDB6h ago

CVE-2026-30080 | OpenAirInterface oai-cn5g-amf 2.2.0 Security Mode downgrade

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

PublishedApr 8, 2026

Last enriched5h agov2

Tags

downgradesecurity

Trending Score27

Source articles1

Independent1

Info Completeness6/14

Missing: cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2023-46945EXP

CVE-2023-46945: QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request

HIGHCVE-2026-31040EXP

CVE-2026-31040: A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-fil

NONECVE-2025-50671

CVE-2025-50671: A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_

NONECVE-2025-50663

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint.

NONECVE-2025-50662

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint.

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 8, 2026

Discovered by ZDM

Apr 8, 2026

Updated: affectedVersions, severity, tags

Apr 8, 2026

Version History

v2

Last enriched 5h ago

v2Tier C5h ago

Updated vendor to OpenAirInterface, product to oai-cn5g-amf, set severity to HIGH, and added tags related to downgrade and security.

affectedVersionsseveritytags

via VulDB

v17h ago

Initial creation