{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30080", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-08T16:04:37.407Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-08T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T16:04:37.407Z"}, "descriptions": [{"lang": "en", "value": "OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context can lead to the possibility of replay attack."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/78"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context can lead to the possibility of replay attack."}], "id": "CVE-2026-30080", "lastModified": "2026-04-08T21:26:13.410", "metrics": {}, "published": "2026-04-08T17:21:18.623", "references": [{"source": "cve@mitre.org", "url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/issues/78"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.2.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "oai-cn5g-amf", "vendor": "openairinterface"}], "analysis": {"en": {"generated_at": "2026-04-08T18:21:11.991413+00:00", "value": {"mitigation_remediation": ["Apply any patch released by the OpenAirInterface project that prevents accepting a Security Mode Complete without integral protection. If no patch is available, upgrade to a later community build that addresses the defection.", "Reconfigure the deployment to reject user equipment that advertises IA0 or to enforce the use of NIA1 or NIA2 integrity protection during the security mode establishment.", "Monitor registration traffic for repeated or abnormal Security Mode Complete messages that may indicate replay attempts.", "Stay informed about further advisories from the OpenAirInterface community and apply updates promptly."], "summary": {"action": "Immediate Patch", "impact": "Replay Attack"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the OpenAirInterface 5G core network implementation, specifically version 2.2.0. No other vendors or products are listed as impacted. Precise configuration changes that enable IA0 are required for exploitation.", "description_and_impact": "OpenAirInterface v2.2.0 accepts a Security Mode Complete message without any integrity protection, even when the user equipment reports only IA0 security capability. This flaw allows an attacker to downgrade the security context and send messages lacking integrity guarantees, which can be replayed to conduct unauthorized registration attempts or disturb protocol state. The direct consequence is the potential compromise of session confidentiality and integrity through replay attacks.", "risk_and_exploitability": "No CVSS or EPSS values are provided, and the flaw is not listed in the KEV catalog, so quantitative risk measures are absent. Based on the description, the vulnerability is exploitable by a malicious user equipment or a compromised network element that can send a crafted Security Mode Complete request. The attack does not require privileged access to the core server and can be performed remotely over the air interface, meaning the threat can surface if an attacker gains control of a UE or can intercept traffic."}}}}, "created": "2026-04-08T19:44:45.056036+00:00", "title": "OpenAirInterface 2.2.0 Security Mode Complete Accepts IA0 Leading to Replay Attack", "updated": "2026-04-09T08:22:53.636060+00:00", "vendors": ["openairinterface", "openairinterface$PRODUCT$oai-cn5g-amf"], "weaknesses": ["CWE-290", "CWE-322"]}