CVE-2026-37224
Deferred Deferred - Pending Action
FlexRIC iApp Process Crash via Duplicate E2 Setup Request

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: MITRE

Description
FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert() rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process (port 36421) by sending two E2_SETUP_REQUESTs with the same E2 node configuration, triggering SIGABRT.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-22
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-37224
EUVD
EUVD-2026-33698
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-37224 is a high-severity vulnerability in FlexRIC v2.0.0 where the software crashes when it receives a duplicate E2_SETUP_REQUEST message from the same or a spoofed E2 node.

The root cause is that the iApp registry enforces uniqueness of E2 node IDs using an assert() statement rather than handling duplicates gracefully. When two identical setup requests with the same GlobalE2node_ID are sent over SCTP to port 36421, the iApp process aborts, causing a denial of service.

Impact Analysis

This vulnerability can lead to a denial of service by crashing the iApp process in FlexRIC v2.0.0.

A remote unauthenticated attacker can exploit this by sending two E2_SETUP_REQUESTs with the same node configuration, causing the process to abort and disrupting service availability.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for duplicate E2_SETUP_REQUEST messages sent to port 36421 over SCTP. Specifically, look for two or more E2_SETUP_REQUESTs with the same GlobalE2node_ID originating from the same or spoofed E2 nodes.

Commands to help detect this include using packet capture and analysis tools to filter SCTP traffic on port 36421 and identify duplicate setup requests.

  • Use tcpdump to capture SCTP traffic on port 36421: tcpdump -i <interface> port 36421 and sctp
  • Analyze captured packets with Wireshark or tshark to filter and identify duplicate E2_SETUP_REQUEST messages with the same GlobalE2node_ID.
Mitigation Strategies

Immediate mitigation steps include restricting SCTP access to port 36421 to only trusted nodes to prevent unauthorized or spoofed E2_SETUP_REQUEST messages.

Additionally, modifying the iApp registry code to handle duplicate E2 node registrations gracefully instead of using assert() can prevent crashes, though this requires code changes.

Since no official fix was available at the time of disclosure, network-level controls and monitoring are critical to reduce the risk of denial of service.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-37224. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart