Mosaic5g Flexric
8 CVEs affecting Mosaic5g Flexric. Latest disclosed: 2026-06-01. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-37234 | High | 8.2 | 2026-06-01 | FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_… |
| CVE-2026-37235 | High | 7.5 | 2026-06-01 | FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id()… |
| CVE-2026-37233 | High | 7.5 | 2026-06-01 | FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id() in src/ric/iApp/xapp_ric_id… |
| CVE-2026-37231 | High | 7.5 | 2026-06-01 | FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit cou… |
| CVE-2026-37230 | High | 7.5 | 2026-06-01 | FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION message with a ran_func_id that does not exist in its registry. The lookup returns NULL… |
| CVE-2026-37229 | High | 7.5 | 2026-06-01 | FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-… |
| CVE-2026-37228 | High | 7.5 | 2026-06-01 | FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed 32KB receive buffer and enforces a… |
| CVE-2026-37226 | High | 7.5 | 2026-06-01 | FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is en… |