CVE-2026-37231
Analyzed Analyzed - Analysis Complete
FlexRIC v2.0.0 xApp ID Wrap-Around Leading to iApp Crash

Publication date: 2026-06-01

Last updated on: 2026-06-03

Assigner: MITRE

Description
FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate ID in its internal data structure. A remote attacker can trigger this by repeatedly connecting and requesting new xApp registrations.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-03
Generated
2026-06-22
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-37231
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mosaic5g flexric 2.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-191 The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-37231 is a vulnerability in FlexRIC v2.0.0 caused by inconsistent integer widths used for xapp_id assignment. The system uses a 16-bit counter for assigning xapp_ids but stores these IDs in 32-bit message fields. After about 65,530 assignments, the 16-bit counter wraps around, producing duplicate xapp_ids.

When the iApp receives a duplicate xapp_id during registration, it crashes because its internal data structure detects the duplicate and aborts the process. This can be triggered remotely by repeatedly sending E42_SETUP_REQUEST messages to the iApp's SCTP port 36422.

Impact Analysis

This vulnerability can lead to denial of service (DoS) conditions. Specifically, the iApp crashes when it encounters duplicate xapp_ids caused by the counter wraparound, interrupting normal operation.

An attacker can exploit this by repeatedly connecting and requesting new xApp registrations, causing the iApp to crash and potentially disrupting services relying on FlexRIC.

Detection Guidance

This vulnerability can be detected by monitoring the volume of E42_SETUP_REQUEST messages sent to the iApp SCTP port 36422. An unusually high number of these setup requests may indicate an attempt to trigger the duplicate xapp_id wraparound issue.

You can use network monitoring tools or commands to observe traffic on port 36422 and count the number of E42_SETUP_REQUEST messages.

  • Use tcpdump to capture SCTP traffic on port 36422: tcpdump -i <interface> port 36422
  • Filter and count E42_SETUP_REQUEST messages by analyzing captured packets with Wireshark or tshark.
  • Monitor logs of the iApp for crashes or errors related to duplicate xapp_id registration.
Mitigation Strategies

Immediate mitigation steps include restricting iApp access to only trusted xApps to prevent unauthorized repeated setup requests.

Monitor and limit the volume of E42_SETUP_REQUEST messages to avoid triggering the 16-bit counter wraparound.

Ensure consistent integer widths for xapp_id assignment in the implementation to prevent truncation and duplicate IDs.

Since no upstream fix was available at the time of disclosure, applying network-level controls and monitoring is critical.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-37231. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart