cvedb.io
CVE-2026-37235
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-06-01T19:16:33.850 · Last modified 2026-06-17T10:41:29.310

Summary

FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xapp_id in requests sent to the iApp (port 36422), causing responses to be misrouted to the victim xApp. This can crash the victim xApp, the RIC, or the iApp itself through state inconsistencies in the red-black tree data structure.

Affected products

mosaic5g — flexric

Does this affect you?

Add your gear to cvedb and we'll alert you only when mosaic5g ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.