Description
FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by simply completing an SCTP handshake and immediately disconnecting, without sending any E2AP message.
Published: 2026-06-01
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

FlexRIC 2.0.0 hits an assertion failure when an SCTP association is closed before an E2_SETUP_REQUEST has been sent. During cleanup, the near‑RT RIC assumes that a mapping between the SCTP association and an E2 node always exists, and it enforces that assumption with an assert that terminates the process. An attacker can exploit this by initiating a minimal SCTP handshake on port 36421 and immediately disconnecting; no authentication or E2AP messages are required. The result is a crash of the near‑RT RIC service, which leads to a denial of service for any user relying on that RIC instance.

Affected Systems

FlexRIC version 2.0.0 is affected. No other vendors or product variants are listed in the CNA data. Administrators should verify that their deployment uses that specific version and confirm whether any subsequent releases have addressed the issue.

Risk and Exploitability

The CVSS score is not provided, but the exploit is trivial from a remote location: it only requires network connectivity to the vulnerable port and no credentials. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Because the attack does not require authentication and only triggers a crash, the risk is high for availability. The attacker can be a remote adversary with minimal effort, and any exposed FlexRIC instance will be vulnerable until patched or mitigated.

Generated by OpenCVE AI on June 1, 2026 at 16:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and deploy a patched release of FlexRIC that removes the assertion or validates the SCTP association before cleanup
  • If a patch is not available, enforce network segmentation or firewall rules to restrict access to port 36421 to trusted hosts only
  • Configure monitoring or logging to alert on frequent SCTP disconnect events or RIC crashes, and ensure backups or high‑availability configurations are in place
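
The first recommended action, sketched as an added example (this is not FlexRIC's code; the slot table, function names and return codes are hypothetical): the asserting cleanup pattern from the description beside a form that treats a missing E2 node mapping as a normal outcome of a peer disconnecting early.

```c
#include <assert.h>
#include <stddef.h>
#define MAX_ASSOC 8
enum cleanup_result { CLEANED_NODE, CLEANED_NO_NODE, UNKNOWN_ASSOC };
/* Hypothetical bookkeeping: one slot per SCTP association. */
struct assoc_slot { int in_use; int assoc_id; int has_node; int node_id; };
static struct assoc_slot slots[MAX_ASSOC];

static struct assoc_slot *find_slot(int assoc_id) {
    for (size_t i = 0; i < MAX_ASSOC; i++)
        if (slots[i].in_use && slots[i].assoc_id == assoc_id) return &slots[i];
    return NULL;
}

/* SCTP handshake completed: the association exists, no E2 node is bound yet. */
int on_assoc_up(int assoc_id) {
    for (size_t i = 0; i < MAX_ASSOC; i++)
        if (!slots[i].in_use) { slots[i] = (struct assoc_slot){1, assoc_id, 0, 0}; return 0; }
    return -1; /* table full */
}

/* E2_SETUP_REQUEST accepted: only now does the assoc -> node mapping exist. */
int on_e2_setup(int assoc_id, int node_id) {
    struct assoc_slot *s = find_slot(assoc_id);
    if (!s) return -1;
    s->has_node = 1; s->node_id = node_id;
    return 0;
}

/* Pattern described in the advisory: peer-controlled state checked with assert(). */
void on_assoc_down_asserting(int assoc_id) {
    struct assoc_slot *s = find_slot(assoc_id);
    assert(s != NULL && s->has_node); /* aborts if the peer closes before setup */
    s->in_use = 0;
}

/* Hardened form: a missing mapping is a normal outcome, not an invariant. */
enum cleanup_result on_assoc_down(int assoc_id) {
    struct assoc_slot *s = find_slot(assoc_id);
    if (!s) return UNKNOWN_ASSOC;
    enum cleanup_result r = s->has_node ? CLEANED_NODE : CLEANED_NO_NODE;
    s->in_use = 0; /* release the slot either way */
    return r;
}

int main(void) {
    on_assoc_up(7); /* handshake only, no E2AP message follows */
    return on_assoc_down(7) == CLEANED_NO_NODE ? 0 : 1;
}
```

Returning a distinct code for the no-node case also gives the caller something to log, which supports the monitoring action above.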


Advisories

No advisories yet.

History

Mon, 01 Jun 2026 17:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-617
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 17:15:00 +0000

Type | Values Removed | Values Added
Title | | FlexRIC Near‑RT RIC Crash and Denial of Service via SCTP Handshake
Weaknesses | | CWE-682

Mon, 01 Jun 2026 15:00:00 +0000

Type | Values Removed | Values Added
Description | | FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by simply completing an SCTP handshake and immediately disconnecting, without sending any E2AP message.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-01T16:46:53.924Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37220

Vulnrichment

Updated: 2026-06-01T16:45:47.834Z

NVD

Status: Received

Published: 2026-06-01T15:16:34.163

Modified: 2026-06-01T17:16:58.200

Link: CVE-2026-37220

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T17:00:13Z

Weaknesses