CVE-2026-37231 - Vulnerability Details

Description

FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate ID in its internal data structure. A remote attacker can trigger this by repeatedly connecting and requesting new xApp registrations.

Published: 2026-06-01

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

FlexRIC v2.0.0 assigns an xapp_id using a 16‑bit counter but stores the value in 32‑bit message fields. When the counter exceeds 65,530 E42_SETUP_REQUESTs, it wraps around, producing duplicate xapp_ids. The iApp listening on port 36422 attempts to register the duplicate ID, fails to locate it in its internal data structure, and crashes, rendering the application unavailable. This results in a denial of service to clients that rely on the iApp for functionality.

Affected Systems

The affected product is FlexRIC v2.0.0. No additional vendor or product names are provided in the CNA data. Attackers can induce the failure by repeatedly connecting to the iApp and sending new xApp registration requests beyond the 65,530 threshold.

Risk and Exploitability

The CVSS score of 7.5 reflects a high severity. The EPSS score of < 1% signifies that exploitation prevalence is very low, yet not absent. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires only a persistent connection and repeated registration requests; no special privileges are needed. The iApp will immediately crash when a duplicate xApp ID detected, causing a denial of service for all clients relying on port 36422.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:mosaic5g:flexric:2.0.0:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Mosaic5g

Flexric

100%

Version	Status	Scheme	Platform
`2.0.0`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply an updated release of FlexRIC that corrects the counter size mismatch
Implement connection throttling or rate‑limiting on the iApp to prevent rapid exhaustion of the xapp_id counter
Configure monitoring or alerts to detect repeated duplicate xApp ID registration attempts or iApp crash events

Generated by OpenCVE AI on June 2, 2026 at 17:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00426.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37231.md
https://gitlab.eurecom.fr/mosaic5g/flexric

History

Wed, 03 Jun 2026 17:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:mosaic5g:flexric:2.0.0:::::::*

Wed, 03 Jun 2026 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mosaic5g Mosaic5g flexric
Vendors & Products		Mosaic5g Mosaic5g flexric

Tue, 02 Jun 2026 15:45:00 +0000

Type	Values Removed	Values Added
Title	Duplicate xApp ID Trigger Causes iApp Crash in FlexRIC
Weaknesses	CWE-190 CWE-727

Tue, 02 Jun 2026 13:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-191
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 01 Jun 2026 20:45:00 +0000

Type	Values Removed	Values Added
Title		Duplicate xApp ID Trigger Causes iApp Crash in FlexRIC
Weaknesses		CWE-190 CWE-727

Mon, 01 Jun 2026 19:00:00 +0000

Type	Values Removed	Values Added
Description		FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate ID in its internal data structure. A remote attacker can trigger this by repeatedly connecting and requesting new xApp registrations.
References		https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37231.md https://gitlab.eurecom.fr/mosaic5g/flexric

Subscriptions

Mosaic5g Flexric

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-06-01T00:00:00.000Z

Updated: 2026-06-02T12:58:56.612Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37231

Vulnrichment

Updated: 2026-06-02T12:58:47.639Z

NVD

Status : Analyzed

Published: 2026-06-01T19:16:33.517

Modified: 2026-06-03T17:16:15.743

Link: CVE-2026-37231

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T20:55:17Z

Weaknesses

CWE-191
Integer Underflow (Wrap or Wraparound)

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object