CVE-2026-37235
7.5 HIGHFlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association
Published: 2026-06-01 · Last updated: 2026-06-03
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-284
Affected products
| Vendor | Product |
|---|---|
| mosaic5g | flexric |
Description
FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xapp_id in requests sent to the iApp (port 36422), causing responses to be misrouted to the victim xApp. This can crash the victim xApp, the RIC, or the iApp itself through state inconsistencies in the red-black tree data structure.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-37234 — FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs (8.2 HIGH)
- CVE-2026-37233 — FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism (7.5 HIGH)
- CVE-2026-37231 — FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields (7.5 HIGH)
- CVE-2026-37230 — FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION message with a ran_func_id that does not exist in its registry (7.5 HIGH)
- CVE-2026-37229 — FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails (7.5 HIGH)
Same CWE
- CVE-2026-12212 — A vulnerability has been found in hcengineering Huly Platform up to 0.7.0 (4.3 MEDIUM)
- CVE-2026-12203 — A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215 (5.3 MEDIUM)
- CVE-2026-53520 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.5 MEDIUM)
- CVE-2026-44783 — Discourse is an open-source discussion platform (5.4 MEDIUM)
- CVE-2026-47182 — Frappe is a full-stack web application framework