CVE-2026-37223
Deferred Deferred - Pending Action
Assertion Failure in FlexRIC iApp Message Dispatcher

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: MITRE

Description
FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(). A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp process (port 36422) via SIGABRT. Since iApp and the near-RT RIC share one process, this terminates the entire RIC service and disconnects all E2 Nodes and xApps.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-22
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-37223
EUVD
EUVD-2026-33697
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mosaic5g flexric 2.0.0
minamikotor1 flexric 2.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-37223 is a vulnerability in FlexRIC v2.0.0 involving a reachable assertion in the iApp message dispatcher.

The dispatcher validates incoming E2AP messages against a fixed 9-entry whitelist using an assert() function. If a remote unauthenticated attacker sends any decodable E2AP PDU with a message type not in this whitelist to SCTP port 36422, the assertion fails and causes the iApp process to crash via a SIGABRT signal.

Since the iApp and the near-RT RIC share the same process in common deployments, this crash terminates the entire RIC service and disconnects all E2 Nodes and xApps.

Impact Analysis

This vulnerability can be exploited remotely by an unauthenticated attacker to crash the iApp process, which also terminates the near-RT RIC service since they share the same process.

The impact is a denial of service (DoS) condition where all E2 Nodes and xApps connected to the RIC service are disconnected, potentially disrupting network operations and services relying on these components.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for unexpected or unsupported E2AP message types sent to SCTP port 36422, which is used by the iApp message dispatcher.

One way to detect potential exploitation attempts is to capture and analyze SCTP traffic on port 36422 to identify any decodable E2AP PDUs with message types not in the expected whitelist.

  • Use tcpdump or tshark to capture SCTP traffic on port 36422, for example: tcpdump -i <interface> port 36422
  • Use tshark to filter and decode E2AP messages and look for unsupported message types.

Additionally, monitoring the iApp process for unexpected crashes or SIGABRT signals can indicate exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include restricting network access to SCTP port 36422 to prevent unauthenticated remote attackers from sending malicious E2AP messages.

Since no upstream fix was available at the time of disclosure, network-level controls such as firewall rules or access control lists should be applied to limit exposure.

Longer term, improving the iApp message dispatcher to handle unsupported message types gracefully instead of using assertions is recommended.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-37223. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart