CVE-2026-37235EPSS p31.2%

CVE-2026-37235CVE-2026-37235

mosaic5g / flexric

Description

FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xapp_id in requests sent to the iApp (port 36422), causing responses to be misrouted to the victim xApp. This can crash the victim xApp, the RIC, or the iApp itself through state inconsistencies in the red-black tree data structure.

Scoring

CVSS 7.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS0.40% probability of exploitation · percentile 31.2% · 2026-06-18T12:00:27Z
Last modified2026-06-03

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-37233
CVE
CVE-2026-37223
CVE
CVE-2026-37226
CVE
CVE-2026-37231
CVE
CVE-2026-37225
CVE
CVE-2026-37234
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.