CVE-2026-37234EPSS p21.6%
CVE-2026-37234CVE-2026-37234
mosaic5g / flexric
Description
FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequent xapp_ids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak subscription state in the iApp, potentially causing resource exhaustion or state corruption over time.
Scoring
| CVSS | 8.2 () |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
| EPSS | 0.30% probability of exploitation · percentile 21.6% · 2026-06-18T12:00:27Z |
| Last modified | 2026-06-05 |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.