CVE-2026-37231
Published: 01 June 2026
Summary
CVE-2026-37231 is a high-severity Wrap or Wraparound (CWE-191) vulnerability in Mosaic5G FlexRIC. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It is ranked at the 34.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
No EU or UK CSIRT advisories indexed for this CVE.
Vulnerability details
FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate ID in its internal data structure. A remote attacker can trigger this by repeatedly connecting and requesting new xApp registrations.
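The wraparound described above can be modelled in a few lines of C. This is an added example, not FlexRIC code: every name in it is hypothetical, the counter start value of 0 is an assumption, and the hardened allocator is one possible fix pattern (skip IDs that are still registered and refuse cleanly when none is free).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the bug class; none of these names are FlexRIC's. */
#define ID_SPACE 65536u               /* distinct values of a uint16_t */
static uint8_t in_use[ID_SPACE];      /* registry: 1 = id is registered */

/* Weak pattern: 16-bit counter widened into a 32-bit message field. */
static uint16_t weak_counter;         /* start value 0 is an assumption */
static uint32_t weak_next_id(void) { return weak_counter++; }

/* Registration reports a duplicate to the caller instead of aborting. */
static bool register_id(uint32_t id) {
    if (id >= ID_SPACE || in_use[id]) return false;
    in_use[id] = 1;
    return true;
}
static void release_id(uint32_t id) { if (id < ID_SPACE) in_use[id] = 0; }

/* Hardened pattern: never hand out a live id; refuse when none is free. */
static uint32_t next_hint;
static bool safe_next_id(uint32_t *out) {
    for (uint32_t tried = 0; tried < ID_SPACE; tried++) {
        uint32_t id = (next_hint + tried) % ID_SPACE;
        if (register_id(id)) {
            next_hint = (id + 1) % ID_SPACE;
            *out = id;
            return true;
        }
    }
    return false;                     /* exhausted: reject the request */
}

/* Weak allocations that register cleanly before the first duplicate. */
static uint32_t weak_allocs_before_duplicate(void) {
    memset(in_use, 0, sizeof in_use);
    weak_counter = 0;
    uint32_t n = 0;
    while (register_id(weak_next_id())) n++;
    return n;
}
int main(void) {
    uint32_t id = 0, weak = weak_allocs_before_duplicate();
    release_id(0);                    /* one registration ends */
    bool ok = safe_next_id(&id);      /* hardened path reuses the freed id */
    printf("weak: dup after %u; safe reissued %u (%d)\n", (unsigned)weak, (unsigned)id, ok);
    return 0;
}
```

In this model the duplicate surfaces as a `false` return from `register_id`; the point of the hardened path is that the caller can reject the setup request at that moment rather than terminate the process.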
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Integer wraparound leads to duplicate IDs and a deterministic crash on duplicate registration, directly enabling application DoS via crafted remote connections.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.