CVE-2026-37220
Deferred Deferred - Pending Action
FlexRIC v2.0.0 SCTP Association Crash via Premature Disconnection

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: MITRE

Description
FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by simply completing an SCTP handshake and immediately disconnecting, without sending any E2AP message.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-37220
EUVD
EUVD-2026-33659
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mosaic5g flexric 2.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-37220 is a vulnerability in FlexRIC v2.0.0 where the near-RT RIC crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent.

The problem occurs because the cleanup process assumes there is always a mapping between the SCTP association and an E2 node. If this mapping does not exist, an assertion failure happens, causing the RIC process to terminate.

A remote unauthenticated attacker can exploit this by connecting to the SCTP port 36421, completing the handshake, and then immediately disconnecting without sending any E2AP message, which triggers the crash.

Impact Analysis

This vulnerability can cause a denial of service (DoS) by crashing the near-RT RIC process.

An attacker does not need to be authenticated and can trigger the crash remotely by simply connecting and disconnecting from the SCTP port without sending any valid messages.

This can disrupt the normal operation of the FlexRIC system, potentially affecting network functions that rely on the near-RT RIC.

Detection Guidance

This vulnerability can be detected by monitoring SCTP connections to the near-RT RIC on port 36421. Specifically, detection involves identifying SCTP handshakes that complete and then immediately disconnect without sending any E2AP messages, which triggers the crash.

To detect such activity, you can use network monitoring tools or commands that capture SCTP traffic on port 36421 and analyze connection patterns.

  • Use tcpdump to capture SCTP traffic on port 36421: tcpdump -i <interface> port 36421 and sctp
  • Analyze SCTP association states to find connections that establish and close quickly without further E2AP messages.
  • Monitor logs of the near-RT RIC process for assertion failures or crashes related to SCTP association cleanup.
Mitigation Strategies

Immediate mitigation involves restricting SCTP access to the near-RT RIC on port 36421 to trusted nodes only, preventing unauthenticated attackers from establishing SCTP associations.

Since no upstream fix was available at the time of disclosure, network-level controls such as firewall rules or SCTP access control lists should be implemented to block unauthorized SCTP connections.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-37220. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart