CVE-2026-37230: n/a
FlexRIC v2.0.0 contains a vulnerability where the near-RT RIC component crashes upon receiving a RIC_INDICATION message with a ran_func_id not present in its registry. This causes a NULL pointer dereference or assertion failure, leading to a denial of service. The issue can be triggered remotely without authentication by sending a crafted message to port 36421.
AI Analysis
Technical Summary
The vulnerability in FlexRIC v2.0.0 arises when the near-RT RIC processes a RIC_INDICATION message containing a ran_func_id that is not registered. The lookup returns NULL, which triggers an assert() failure in debug builds or a NULL pointer dereference in release builds, causing the application to crash. This can be exploited remotely by an unauthenticated attacker sending a maliciously crafted RIC_INDICATION message to port 36421, resulting in a denial of service condition.
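The debug/release split described above, as an added C example (not FlexRIC source code): an unchecked registry lookup next to a handler that treats a miss as an ordinary error path. The types, function names, registry contents and id values are hypothetical and constructed for illustration.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical registry entry; not FlexRIC's own type. */
typedef struct { uint16_t ran_func_id; unsigned indications; } ran_func_t;

/* Constructed sample registry: only these two ids are "registered". */
static ran_func_t registry[] = { { 142, 0 }, { 143, 0 } };
static unsigned dropped_unknown; /* counter to export and alert on */

/* Returns NULL when the id is not registered. */
static ran_func_t *lookup_ran_func(uint16_t id) {
    for (size_t i = 0; i < sizeof registry / sizeof registry[0]; i++)
        if (registry[i].ran_func_id == id) return &registry[i];
    return NULL;
}

/* Pattern the advisory describes: assert() aborts a debug build; with
 * NDEBUG it is compiled out and rf->indications dereferences NULL. */
int handle_indication_unsafe(uint16_t ran_func_id) {
    ran_func_t *rf = lookup_ran_func(ran_func_id);
    assert(rf != NULL);
    rf->indications++;
    return 0;
}

/* Hardened form: the id is attacker-controlled input, so a lookup miss
 * is a normal error path. Log, count, drop the message, keep running. */
int handle_indication_checked(uint16_t ran_func_id) {
    ran_func_t *rf = lookup_ran_func(ran_func_id);
    if (rf == NULL) {
        dropped_unknown++;
        fprintf(stderr, "drop RIC_INDICATION: unregistered ran_func_id=%u\n",
                (unsigned)ran_func_id);
        return -1;
    }
    rf->indications++;
    return 0;
}

unsigned dropped_count(void) { return dropped_unknown; }

int main(void) {
    handle_indication_checked(142);   /* registered: processed */
    handle_indication_checked(9999);  /* unregistered: dropped, no crash */
    printf("dropped=%u\n", dropped_count());
    return 0;
}
```

A rising drop counter for unregistered ids is also a useful detection signal while access to port 36421 is being restricted.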
Potential Impact
A remote unauthenticated attacker can cause the near-RT RIC to crash, resulting in a denial of service. There is no indication of code execution or data compromise from the provided information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, consider restricting access to port 36421 to trusted sources to reduce exposure.
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-04-06T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a1de301e29bf47b503a4ecf
Added to database: 6/1/2026, 7:52:33 PM
Last enriched: 6/1/2026, 8:05:47 PM
Last updated: 6/2/2026, 4:57:41 AM