CVE-2026-37227
Assert(0) Crash in FlexRIC Near-RT RIC via E2AP PDU
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eurecom | flexric | to 6a595d8b (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-37227 is a vulnerability in FlexRIC v2.0.0 where certain message handlers contain reachable assertion calls (assert(0)) for whitelisted but unimplemented E2AP message types in the near-RT RIC component.
An unauthenticated remote attacker can send a decodable E2AP Protocol Data Unit (PDU) of such a whitelisted but unimplemented type to the near-RT RIC process on port 36421. Although the message passes whitelist validation, it triggers an unconditional assertion failure in the handler, causing the process to abort via SIGABRT.
This vulnerability is classified as a reachable assertion (CWE-617) and affects multiple E2AP message types, including E2nodeConfigurationUpdate.
How can this vulnerability impact me?
This vulnerability allows a remote unauthenticated attacker to cause a denial of service by crashing the near-RT RIC process.
By sending specially crafted E2AP messages of certain whitelisted but unimplemented types, the attacker can trigger assertion failures that abort the process, potentially disrupting services relying on the near-RT RIC.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The most direct indicator is a crash of the near-RT RIC process, which listens on port 36421, after it receives one of the whitelisted but unimplemented E2AP message types that trigger the assertion failure.
To detect exploitation attempts, capture and analyze SCTP traffic on port 36421 for E2AP PDUs of the affected message types, including E2nodeConfigurationUpdate and RIC_SUBSCRIPTION_FAILURE.
- Use tcpdump or tshark to capture SCTP packets on port 36421: `tcpdump -i <interface> port 36421`
- Filter captured traffic for E2AP PDUs matching the vulnerable message types using protocol analysis tools like Wireshark or tshark.
- Monitor system logs and process status for unexpected near-RT RIC process terminations or SIGABRT signals.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves restricting access to the E2 SCTP port 36421 to trusted nodes only, preventing unauthenticated remote attackers from sending malicious E2AP PDUs.
Additionally, modifying the stub message handlers in the near-RT RIC software to avoid calling assert(0) on unimplemented message types is recommended. Instead, handlers should return protocol errors or ignore unsupported messages to prevent process crashes.
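The handler change described above, sketched as an added example (not FlexRIC's own code): a dispatch table whose stub handlers return an "unsupported" status that the dispatcher logs and drops, instead of asserting. All type, function and constant names here are hypothetical.

```c
#include <stdio.h>

/* Hypothetical message types and return codes; not FlexRIC's identifiers. */
typedef enum {
    MSG_E2_SETUP_REQUEST = 0,
    MSG_E2_NODE_CONFIGURATION_UPDATE,
    MSG_RIC_SUBSCRIPTION_FAILURE,
    MSG_TYPE_COUNT
} msg_type_t;
typedef enum { H_OK, H_UNSUPPORTED, H_REJECTED } handler_rc_t;
typedef handler_rc_t (*handler_fn)(const void *pdu);
static handler_rc_t handle_setup_request(const void *pdu) { (void)pdu; return H_OK; }

/* Crash-prone stub pattern, shown only for comparison:
 *     static handler_rc_t stub(const void *pdu) { assert(0); }
 * Hardened stub: report "unsupported" and let the caller drop the PDU. */
static handler_rc_t handle_unsupported(const void *pdu) { (void)pdu; return H_UNSUPPORTED; }

/* A non-NULL entry means the type is whitelisted. */
static const handler_fn handlers[MSG_TYPE_COUNT] = {
    [MSG_E2_SETUP_REQUEST]             = handle_setup_request,
    [MSG_E2_NODE_CONFIGURATION_UPDATE] = handle_unsupported,
    [MSG_RIC_SUBSCRIPTION_FAILURE]     = handle_unsupported,
};

static unsigned long dropped_unsupported; /* counter an operator can alert on */
unsigned long dropped_count(void) { return dropped_unsupported; }

/* Dispatch a decoded PDU by type; never aborts on peer-controlled input. */
handler_rc_t dispatch(int type, const void *pdu)
{
    if (type < 0 || type >= MSG_TYPE_COUNT || handlers[type] == NULL)
        return H_REJECTED;              /* outside the whitelist */
    handler_rc_t rc = handlers[type](pdu);
    if (rc == H_UNSUPPORTED) {
        dropped_unsupported++;
        fprintf(stderr, "e2ap: dropped unsupported message type %d\n", type);
    }
    return rc;
}

int main(void)
{
    /* Constructed inputs: implemented, stubbed, and unknown types. */
    int a = dispatch(MSG_E2_SETUP_REQUEST, NULL);
    int b = dispatch(MSG_E2_NODE_CONFIGURATION_UPDATE, NULL);
    printf("%d %d %d\n", a, b, (int)dispatch(99, NULL));
    return 0;
}
```

The drop counter gives operations a signal for repeated unsupported-type PDUs from a peer without the process going down.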
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.