CVE-2026-37227
Deferred Deferred - Pending Action
Assert(0) Crash in FlexRIC Near-RT RIC via E2AP PDU

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: MITRE

Description
FlexRIC v2.0.0 contains reachable assert(0) calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type (e.g., E2nodeConfigurationUpdate) to crash the near-RT RIC process (port 36421) via SIGABRT. The message passes whitelist validation but triggers an unconditional assertion in the handler.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-37227
EUVD
EUVD-2026-33700
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eurecom flexric to 6a595d8b (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-37227 is a vulnerability in FlexRIC v2.0.0 where certain message handlers contain reachable assertion calls (assert(0)) for whitelisted but unimplemented E2AP message types in the near-RT RIC component.

An unauthenticated remote attacker can send a decodable E2AP Protocol Data Unit (PDU) of such a whitelisted but unimplemented type to the near-RT RIC process on port 36421. Although the message passes whitelist validation, it triggers an unconditional assertion failure in the handler, causing the process to abort via SIGABRT.

This vulnerability is classified as a reachable assertion (CWE-617) and affects multiple E2AP message types such as E2nodeConfigurationUpdate and others.

Impact Analysis

This vulnerability allows a remote unauthenticated attacker to cause a denial of service by crashing the near-RT RIC process.

By sending specially crafted E2AP messages of certain whitelisted but unimplemented types, the attacker can trigger assertion failures that abort the process, potentially disrupting services relying on the near-RT RIC.

Detection Guidance

This vulnerability can be detected by monitoring for crashes of the near-RT RIC process on port 36421, which occur due to receipt of specific whitelisted but unimplemented E2AP message types that trigger assertion failures.

To detect exploitation attempts, you can capture and analyze SCTP traffic on port 36421 for E2AP PDUs of the affected message types such as E2nodeConfigurationUpdate, RIC_SUBSCRIPTION_FAILURE, and others.

  • Use tcpdump or tshark to capture SCTP packets on port 36421: tcpdump -i <interface> port 36421
  • Filter captured traffic for E2AP PDUs matching the vulnerable message types using protocol analysis tools like Wireshark or tshark.
  • Monitor system logs and process status for unexpected near-RT RIC process terminations or SIGABRT signals.
Mitigation Strategies

Immediate mitigation involves restricting access to the E2 SCTP port 36421 to trusted nodes only, preventing unauthenticated remote attackers from sending malicious E2AP PDUs.

Additionally, modifying the stub message handlers in the near-RT RIC software to avoid calling assert(0) on unimplemented message types is recommended. Instead, handlers should return protocol errors or ignore unsupported messages to prevent process crashes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-37227. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart