CVE-2026-37222
Deferred - Pending Action
Hardcoded Assertion Bypass in FlexRIC v2.0.0

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: MITRE

Description
FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element (IE) counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs (e.g., an E2setupRequest with extra optional fields) to crash the near-RT RIC (port 36421) or iApp (port 36422) via SIGABRT. The code asserts exact IE counts rather than validating against protocol-specified ranges.
Meta Information
Published: 2026-06-01
Last Modified: 2026-06-01
Generated: 2026-06-21
AI Q&A: 2026-06-01
EPSS Evaluated: 2026-06-20
Affected Vendors & Products
Vendor: mosaic5g
Product: flexric
Version / Range: 2.0.0
CWE
CWE ID: CWE-617
Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Executive Summary

CVE-2026-37222 is a vulnerability in FlexRIC v2.0.0 where the software uses hardcoded assertions to check the exact number of Information Elements (IEs) in decoded E2AP messages.

Because the code expects an exact count rather than validating against the protocol's allowed ranges, a remote unauthenticated attacker can send a valid E2AP Protocol Data Unit (PDU) with an unexpected number of IEs, such as an E2setupRequest containing extra optional fields.

This causes the near-RT RIC or iApp processes listening on ports 36421 or 36422 to crash via a SIGABRT signal, resulting in a denial of service.

Impact Analysis

This vulnerability can be exploited remotely by an unauthenticated attacker to crash critical components of the FlexRIC system, specifically the near-RT RIC or iApp processes.

The impact is a denial of service (DoS), where the affected services terminate unexpectedly, potentially disrupting network operations that rely on these components.

Such crashes can lead to service unavailability, degraded performance, and may require manual intervention or system restarts to recover.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for SCTP packets sent to ports 36421 or 36422 that contain E2AP PDUs, specifically E2setupRequest messages with unexpected or extra optional Information Elements (IEs).

To detect potential exploitation attempts, you can use packet capture and analysis tools such as tcpdump or tshark to filter SCTP traffic on these ports and inspect the E2AP message contents.

  • Use tcpdump to capture SCTP packets on ports 36421 and 36422: tcpdump -i <interface> port 36421 or port 36422 and sctp
  • Use tshark to filter and analyze E2AP PDUs, looking for E2setupRequest messages with unexpected IE counts.

Since the vulnerability arises from unexpected IE counts causing crashes, monitoring for process crashes or SIGABRT signals on the FlexRIC service can also indicate exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include restricting SCTP access to ports 36421 and 36422 to trusted peers only, preventing unauthenticated remote attackers from sending crafted E2AP PDUs.

Additionally, monitoring and limiting network exposure of the FlexRIC service can reduce the attack surface.

A long-term fix involves updating the E2AP message decoder to validate IE counts against protocol-specified ranges and handle unsupported variants gracefully by returning protocol errors instead of using hardcoded assertions that cause crashes.
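
The validation style described as the long-term fix, next to the assertion pattern it replaces, as an added C example that is not FlexRIC's own code. The function names, IE ids, the mandatory/optional split and MAX_IES are constructed placeholders, not values from the E2AP specification.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed IE ids and mandatory/optional split: placeholders, not E2AP spec values. */
enum { IE_TRANSACTION_ID = 1, IE_NODE_ID = 2, IE_RAN_FUNCTIONS = 3, IE_OPTIONAL_CFG = 4 };
#define MAX_IES 16 /* assumed decoder limit, hypothetical */

typedef enum { CRIT_REJECT, CRIT_IGNORE } crit_t;
typedef struct { uint16_t id; crit_t crit; } ie_t;
typedef enum { VAL_OK, VAL_MISSING_MANDATORY, VAL_DUPLICATE_IE,
               VAL_UNKNOWN_CRITICAL, VAL_TOO_MANY } val_t;

/* The CWE-617 pattern: an exact count is asserted on peer-controlled input,
 * so any other count (e.g. one optional IE present) ends in abort()/SIGABRT. */
void check_count_assert(size_t n)
{
    assert(n == 3);
}

/* Hardened form: validate what is present and return a status. The caller
 * answers a non-OK status with a protocol-level failure and keeps running. */
val_t validate_setup_request(const ie_t *ies, size_t n)
{
    const unsigned mandatory = (1u << IE_TRANSACTION_ID) | (1u << IE_NODE_ID) |
                               (1u << IE_RAN_FUNCTIONS);
    unsigned seen = 0; /* bit i set: IE id i already seen */

    if (ies == NULL) return VAL_MISSING_MANDATORY;
    if (n > MAX_IES) return VAL_TOO_MANY;
    for (size_t i = 0; i < n; i++) {
        uint16_t id = ies[i].id;
        if (id < IE_TRANSACTION_ID || id > IE_OPTIONAL_CFG) {
            if (ies[i].crit == CRIT_REJECT) return VAL_UNKNOWN_CRITICAL;
            continue; /* unknown but ignorable: skip it */
        }
        if (seen & (1u << id)) return VAL_DUPLICATE_IE;
        seen |= 1u << id;
    }
    return (seen & mandatory) == mandatory ? VAL_OK : VAL_MISSING_MANDATORY;
}
```

A message carrying the three mandatory IEs plus the optional one passes validation here, whereas the exact-count assertion would abort the process on it.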

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
