CVE-2026-37222

Published: Giu 01, 2026 Last Modified: Giu 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element (IE) counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs (e.g., an E2setupRequest with extra optional fields) to crash the near-RT RIC (port 36421) or iApp (port 36422) via SIGABRT. The code asserts exact IE counts rather than validating against protocol-specified ranges.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0011

Percentile

0,3th

Updated

EPSS Score Trend (Last 7 Days)

617

Reachable Assertion

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability

Potential Impacts:

Dos: Crash, Exit, Or Restart

Applicable Platforms

Languages: Not Language-Specific, C, Java, Rust

View CWE Details

https://github.com/MinamiKotor1/oran-security-advisories-zh…

https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main…

https://gitlab.eurecom.fr/mosaic5g/flexric

CVE-2026-37222

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 7 Days)

Reachable Assertion

Common Consequences

Applicable Platforms

Iscriviti alla newsletter