CVE-2026-37226
FlexRIC iApp Crash via Invalid E2 Node Subscription
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| minamikotor1 | flexric | 2.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-37226 is a vulnerability in FlexRIC v2.0.0 where the iApp component crashes when it receives a subscription request referencing a non-existent E2 Node.
The crash happens because the lookup function returns NULL for the non-existent node, which triggers an assertion failure in debug builds (causing the process to abort) and a null pointer dereference in release builds (causing a segmentation fault).
A remote unauthenticated attacker can exploit this by sending a specially crafted E42_RIC_SUBSCRIPTION_REQUEST with an arbitrary global_e2_node_id to the iApp's SCTP port 36422, causing the iApp process to crash.
How can this vulnerability impact me? :
This vulnerability can cause a denial of service (DoS) condition by crashing the iApp process and any co-located RIC services.
Since the attacker does not need to be authenticated and can trigger the crash remotely, it can disrupt the availability of the affected system, potentially impacting network operations relying on FlexRIC.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or abnormal terminations of the FlexRIC iApp process, which listens on SCTP port 36422. Specifically, look for SIGABRT or SIGSEGV signals indicating a crash caused by malformed E42_RIC_SUBSCRIPTION_REQUEST messages referencing non-existent E2 nodes.
Network detection can involve capturing and analyzing SCTP traffic on port 36422 to identify suspicious subscription requests with arbitrary or invalid global_e2_node_id values.
Suggested commands include:
- Use netstat or ss to monitor SCTP connections on port 36422: `ss -t -a | grep 36422`
- Use tcpdump or tshark to capture SCTP packets on port 36422: `tcpdump -i <interface> port 36422`
- Check system logs or journalctl for crash reports related to the iApp process.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the FlexRIC iApp service on SCTP port 36422 to trusted clients only, preventing unauthenticated remote attackers from sending malicious subscription requests.
Additionally, implement validation of E2 node subscription requests to ensure that only valid and existing global_e2_node_id values are accepted, reducing the risk of triggering the crash.
Since no official fix is available yet, these access control and input validation measures are critical to prevent denial of service.