CVE-2026-37234: n/a
FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequent xapp_ids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak subscription state in the iApp, potentially causing resource exhaustion or state corruption over time.
AI Analysis
Technical Summary
The vulnerability in FlexRIC v2.0.0 arises from improper cleanup of resources when multiple xapp_ids are bound to a single SCTP connection via multiple E42_SETUP_REQUEST messages. When the connection disconnects, only the first registered xapp_id's resources are released, while others remain as stale subscription entries. This flaw allows a remote attacker to leak subscription state information and may lead to resource exhaustion or corruption of internal state within the iApp component.
Potential Impact
An attacker can exploit this vulnerability remotely to cause subscription state leakage in the iApp, which may result in resource exhaustion or state corruption over time. This could degrade system stability or availability but does not explicitly indicate direct code execution or data breach beyond subscription state leakage.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or workaround information is currently available. Until a patch is released, monitoring for unusual resource usage related to xapp subscriptions may help detect exploitation attempts.
CVE-2026-37234: n/a
Description
FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequent xapp_ids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak subscription state in the iApp, potentially causing resource exhaustion or state corruption over time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in FlexRIC v2.0.0 arises from improper cleanup of resources when multiple xapp_ids are bound to a single SCTP connection via multiple E42_SETUP_REQUEST messages. When the connection disconnects, only the first registered xapp_id's resources are released, while others remain as stale subscription entries. This flaw allows a remote attacker to leak subscription state information and may lead to resource exhaustion or corruption of internal state within the iApp component.
Potential Impact
An attacker can exploit this vulnerability remotely to cause subscription state leakage in the iApp, which may result in resource exhaustion or state corruption over time. This could degrade system stability or availability but does not explicitly indicate direct code execution or data breach beyond subscription state leakage.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or workaround information is currently available. Until a patch is released, monitoring for unusual resource usage related to xapp subscriptions may help detect exploitation attempts.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-04-06T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1de930e29bf47b503e8307
Added to database: 6/1/2026, 8:18:56 PM
Last enriched: 6/1/2026, 8:34:08 PM
Last updated: 6/1/2026, 11:47:28 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.