Description
FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(). A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp process (port 36422) via SIGABRT. Since iApp and the near-RT RIC share one process, this terminates the entire RIC service and disconnects all E2 Nodes and xApps.
Published: 2026-06-01
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A reachable assertion in FlexRIC v2.0.0 triggers when the iApp message dispatcher receives an E2AP PDU whose type is not on the nine‑entry whitelist. The dispatcher uses assert() to validate the input; when the assertion fails the process aborts with SIGABRT. A remote unauthenticated attacker can thus send any decodable E2AP message to port 36422 to crash the iApp process, which shares the near‑RT RIC process. This crash terminates the entire RIC service and disconnects all connected E2 nodes and xApps, effectively denying the availability of the RIC.

Affected Systems

The vulnerability affects FlexRIC v2.0.0 and the near‑RT RIC component that runs the iApp message dispatcher on port 36422. It is not tied to a standard vendor, but any installation of this version of FlexRIC is impacted.

Risk and Exploitability

The CVSS score is 7.5, indicating a high severity. The EPSS score is not available and the vulnerability is not listed in CISA KEV. The attack requires only the ability to send a crafted decodable E2AP PDU to the vulnerable port; authentication is not required. The crash leads to a complete denial of service for all RIC functions. Because no confirmed exploits are documented, the likelihood of exploitation is uncertain, but the potential impact to any RIC infrastructure is high.

Generated by OpenCVE AI on June 1, 2026 at 22:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the latest FlexRIC release that removes the faulty assertion or replaces it with robust error handling for unwhitelisted E2AP message types.
  • Until an update is applied, restrict inbound traffic to port 36422 with firewall rules that allow only trusted E2 node IP ranges and filter out malformed E2AP PDUs.
  • Continuously monitor RIC logs and uptime; schedule a controlled restart of the iApp process whenever a SIGABRT event occurs to minimize downtime.

Generated by OpenCVE AI on June 1, 2026 at 22:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Mosaic5g
Mosaic5g flexric
Vendors & Products Mosaic5g
Mosaic5g flexric

Mon, 01 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Assertion Failure in FlexRIC 2.0.0 Allows Remote Unauthenticated Crash

Mon, 01 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Title Reachable Assertion in FlexRIC iApp Leads to Remote Crash Disrupting RIC Services
Weaknesses CWE-398

Mon, 01 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Title Reachable Assertion in FlexRIC iApp Leads to Remote Crash Disrupting RIC Services
Weaknesses CWE-398
CWE-617
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(). A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp process (port 36422) via SIGABRT. Since iApp and the near-RT RIC share one process, this terminates the entire RIC service and disconnects all E2 Nodes and xApps.
References

Subscriptions

Mosaic5g Flexric
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-01T18:51:21.511Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37223

cve-icon Vulnrichment

Updated: 2026-06-01T18:50:11.057Z

cve-icon NVD

Status : Deferred

Published: 2026-06-01T17:16:58.647

Modified: 2026-06-01T21:16:42.180

Link: CVE-2026-37223

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T20:55:30Z

Weaknesses