CVE-2026-37226

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

FlexRIC v2.0.0 crashes when the iApp receives an E42 RIC SUBSCRIPTION REQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert() in Debug builds (SIGABRT) and dereferenced in Release builds (SIGSEGV). A remote unauthenticated attacker can crash the iApp process (port 36422) by sending a subscription request with an arbitrary global e2 node id.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-37226

Affected Products

Undefined

CVE-2026-37226

Related Identifiers

Affected Products

References · 3