top of page
perceptive_background_267k.jpg

FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element (IE) counts in decoded E2AP messages. A remote unauthenticated attacker can send a vali…

Published:

31 May 2026 at 22:00:00

Alert date:

1 June 2026 at 20:04:42

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Critical Infrastructure

FlexRIC v2.0.0 contains a vulnerability where hardcoded assertions are used to validate Information Element counts in E2AP messages instead of proper protocol range validation. A remote unauthenticated attacker can exploit this by sending valid E2AP PDUs with unexpected IE counts, such as E2setupRequest messages with extra optional fields. This causes the application to crash via SIGABRT signal, affecting both near-RT RIC on port 36421 and iApp on port 36422. The vulnerability stems from improper input validation in telecommunications protocol handling.

Technical details

Mitigation steps:

Affected products:

FlexRIC

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-37222
https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37222.md
https://gitlab.eurecom.fr/mosaic5g/flexric

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page