


Perceptive Security
SOC/SIEM Consultancy

FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert() …
Published: 31 May 2026 at 22:00:00
Alert date: 1 June 2026 at 22:04:03
Source: nvd.nist.gov
Network Infrastructure, Critical Infrastructure
FlexRIC v2.0.0 contains a denial of service vulnerability where duplicate E2_SETUP_REQUEST messages from the same or spoofed E2 Node cause application crashes. The iApp registry improperly enforces node ID uniqueness using assert() instead of graceful error handling. Remote unauthenticated attackers can exploit this by sending two E2_SETUP_REQUESTs with identical E2 node configuration to crash the iApp process on port 36421, triggering SIGABRT. This vulnerability affects the Open RAN (O-RAN) ecosystem and demonstrates poor input validation in critical network infrastructure components.
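The difference between asserting node ID uniqueness and handling a duplicate as an ordinary error, shown as an added C example. This is not FlexRIC source code and not taken from the advisory: `node_id_t`, `registry_t` and all function names are hypothetical, and the node ID value is constructed.

```c
/* Added illustration with hypothetical names; not FlexRIC source code. */
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_NODES 64
typedef struct { uint16_t mcc, mnc; uint32_t nb_id; } node_id_t; /* assumed key */
typedef struct { node_id_t ids[MAX_NODES]; size_t len; } registry_t;
typedef enum { REG_OK, REG_DUPLICATE, REG_FULL } reg_status_t;

static bool reg_contains(const registry_t *r, const node_id_t *id) {
    for (size_t i = 0; i < r->len; i++) {
        const node_id_t *n = &r->ids[i];
        if (n->mcc == id->mcc && n->mnc == id->mnc && n->nb_id == id->nb_id) return true;
    }
    return false;
}

/* Pattern the advisory describes: uniqueness is an assertion, so a second
 * setup request carrying the same node ID aborts the process (SIGABRT). */
void reg_add_asserting(registry_t *r, const node_id_t *id) {
    assert(!reg_contains(r, id));   /* condition is controlled by the peer */
    assert(r->len < MAX_NODES);
    r->ids[r->len++] = *id;
}

/* Hardened form: a duplicate is an expected protocol event. Report it so the
 * caller can reject the request and keep serving already registered nodes. */
reg_status_t reg_add_checked(registry_t *r, const node_id_t *id) {
    if (reg_contains(r, id)) return REG_DUPLICATE;
    if (r->len >= MAX_NODES) return REG_FULL;
    r->ids[r->len++] = *id;
    return REG_OK;
}

/* Constructed input: the same node ID arriving in two setup requests. */
reg_status_t replay_setup_twice(registry_t *r) {
    const node_id_t id = { .mcc = 1, .mnc = 1, .nb_id = 0xe00 };
    (void)reg_add_checked(r, &id);
    return reg_add_checked(r, &id);  /* second request is rejected, not fatal */
}

int main(void) {
    registry_t r = { .len = 0 };
    return replay_setup_twice(&r) == REG_DUPLICATE ? 0 : 1;
}
```

Assertions are compiled out when `NDEBUG` is defined, so the asserting form also silently stores the duplicate entry in release builds; the explicit check behaves the same in both.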
Affected products: FlexRIC
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-37224
https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37224.md
https://gitlab.eurecom.fr/mosaic5g/flexric
This article was created with the assistance of AI technology by Perceptive.
