CVE-2026-37235
Last modified
CVE-2026-37235 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that the value is within the assigned range. EPSS estimates a 0.57% chance of exploitation in the next 30 days.
Description
FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xapp_id in requests sent to the iApp (port 36422), causing responses to be misrouted to the victim xApp. This can crash the victim xApp, the RIC, or the iApp itself through state inconsistencies in the red-black tree data structure.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mosaic5g | Flexric | 2.0.0 |
References
- https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37235.mdExploit, Mitigation, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-37235?
How severe is CVE-2026-37235?
How do I fix CVE-2026-37235?
Are you affected by CVE-2026-37235?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST