top of page
perceptive_background_267k.jpg

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using …

Published:

31 May 2026 at 22:00:00

Alert date:

1 June 2026 at 22:04:03

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Critical Infrastructure

FlexRIC v2.0.0 contains a critical vulnerability in the iApp message dispatcher that allows remote unauthenticated attackers to crash the entire RIC service. The vulnerability exists in the E2AP message validation logic which uses assert() against a 9-entry whitelist. Attackers can send malformed E2AP PDU messages to trigger a SIGABRT signal, causing process termination. This affects the near-RT RIC service and disconnects all E2 Nodes and xApps, resulting in complete service disruption. The vulnerability is accessible via port 36422 and requires no authentication.

Technical details

Mitigation steps:

Affected products:

FlexRIC

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-37223
https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37223.md
https://gitlab.eurecom.fr/mosaic5g/flexric

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page