Review
Mosaic5G
CVE published 2026-06-01
CVE-2026-37220
FlexRIC v2.0.0 contains a denial-of-service vulnerability in its near-RT RIC component. The software crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent, because the cleanup path assumes a mapping between the SCTP association and an E2 node always exists and enforces this assumption via assert(). A remote unauthenticated attacker can trigger this crash by completing an SCTP hands [truncated]