Description
FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id() in src/ric/iApp/xapp_ric_id.c compares m0->xapp_id against itself (m0->xapp_id) instead of the other argument (m1->xapp_id), effectively ignoring the xApp identity dimension. A malicious xApp connected to the iApp (port 36422) can delete any other xApp's subscriptions by sending an E42_RIC_SUBSCRIPTION_DELETE_REQUEST with a matching ric_gen_id. This breaks multi-tenant isolation in any deployment with multiple xApps sharing the same RIC.
Published: 2026-06-01
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

FlexRIC v2.0.0 contains an authorization bypass in the iApp’s xApp isolation mechanism. The function that should compare two xApp IDs instead compares one ID against itself, effectively ignoring the identity dimension of the target xApp. As a result, an attacker can delete any other xApp’s subscriptions by issuing a delete request that appears to originate from a permitted xApp. This flaw undermines multi‑tenant isolation and allows a malicious xApp to tamper with the resources of all other xApps sharing the same RIC, leading to integrity loss and potential service disruption.

Affected Systems

The vulnerability applies to FlexRIC version 2.0.0. Only deployments where multiple xApps share the same controller (iApp) are affected. No other vendors or product versions are known to be impacted.

Risk and Exploitability

The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, making the current exploitation probability uncertain. However, the flaw permits a malicious actor to connect to the iApp on port 36422 and send a crafted delete request, bypassing intended access controls. Based solely on the description, the likely attack vector is a malicious xApp that is allowed to communicate with the iApp; once connected, it can exploit the bug without further privileges. The impact is severe because it allows deletion of shared subscriptions, breaking the isolation guarantees of multi‑tenant deployments.

Generated by OpenCVE AI on June 1, 2026 at 20:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of FlexRIC that corrects the comparison logic in eq_xapp_ric_gen_id
  • Restrict network access to port 36422 so that only trusted xApps can connect, or use firewall rules to isolate the iApp from untrusted hosts
  • Implement monitoring or logging to detect and alert on unexpected RIC_SUBSCRIPTION_DELETE_REQUEST messages targeting xApps not owned by the sender

Generated by OpenCVE AI on June 1, 2026 at 20:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Title Authorization Bypass Allows xApp to Delete Other xApp Subscriptions in FlexRIC
Weaknesses CWE-284

Mon, 01 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id() in src/ric/iApp/xapp_ric_id.c compares m0->xapp_id against itself (m0->xapp_id) instead of the other argument (m1->xapp_id), effectively ignoring the xApp identity dimension. A malicious xApp connected to the iApp (port 36422) can delete any other xApp's subscriptions by sending an E42_RIC_SUBSCRIPTION_DELETE_REQUEST with a matching ric_gen_id. This breaks multi-tenant isolation in any deployment with multiple xApps sharing the same RIC.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-01T17:52:27.988Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37233

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-01T19:16:33.743

Modified: 2026-06-01T19:16:33.743

Link: CVE-2026-37233

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T20:30:17Z

Weaknesses