Skip to content

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Company

About us
Blog
Learn
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Home
Vendors
Ericsson

Ericsson Vulnerabilities: CVEs, CISA KEV & Security Advisories

46 CVEs

Ericsson Vulnerabilities

CVE security advisories and vulnerability history for Ericsson.

46

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

9

Public exploits

With known exploit

7.2

Avg CVSS

2001–2026

Overview

Ericsson has 46 published CVE records since 2001, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 9 have a known public exploit. The average CVSS base score across scored CVEs is 7.2.

This page aggregates every publicly disclosed vulnerability (CVE) affecting Ericsson products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of Ericsson's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical2

High12

Medium10

Low1

21 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

0

None of Ericsson's CVEs are currently listed in CISA's KEV catalog.

Public exploits

9

9 of Ericsson's CVEs have a known public exploit available.

Most affected products

The Ericsson products with the most published CVEs.

network manager8 CVEs
Indoor Connect 88558 CVEs
indoor connect 8855 firmware8 CVEs
CodeChecker8 CVEs
Packet Core Controller3 CVEs
drutt mobile service delivery platform3 CVEs
Site Controller 66103 CVEs
bscs ix r18 billing \& rating admx2 CVEs

Common weakness types

The CWE weakness categories most often found in Ericsson CVEs. Follow any weakness for its full explanation.

CWE-20Improper Input Validation5 CVEs
CWE-352Cross-Site Request Forgery (CSRF)2 CVEs
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')2 CVEs
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2 CVEs
CWE-228Improper Handling of Syntactically Invalid Structure1 CVE
CWE-284Improper Access Control1 CVE
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')1 CVE
CWE-200Exposure of Sensitive Information to an Unauthorized Actor1 CVE

CNAs that assign these CVEs

The CVE Numbering Authorities that publish Ericsson CVE records.

ERIC24 CVEs
mitre21 CVEs
GitHub_M1 CVEs

Disclosure activity by year

How many Ericsson CVEs were published each year.

2019

1

2020

2

2021

5

2022

3

2023

5

2024

6

2025

14

2026

5

Latest Ericsson CVEs

The most recently disclosed vulnerabilities affecting Ericsson.

Authentication bypass for certain API calls
CWE-863
Critical · CVSS 9.3
EPSS 0.0%2026-04-24
Ericsson Packet Core Controller (PCC) - Improper Handling of Syntactically Invalid Structure Vulnerability
CWE-228
Medium · CVSS 5.3
EPSS 0.0%2026-04-01
Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability
CWE-79
High · CVSS 8.5
EPSS 0.0%2026-03-25
Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability
CWE-352
Medium · CVSS 5.1
EPSS 0.0%2026-03-25
Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability
CWE-790
High · CVSS 7.2
EPSS 0.0%2026-03-25
Buffer overflow in CodeChecker log command
CWE-121
Medium · CVSS 5.9
EPSS 0.0%2025-10-28
Arbitrary Code Execution vulnerability in Ericsson RAN Compute and Site Controller
CWE-78
High · CVSS 8.4
EPSS 0.0%2025-10-13
Ericsson Network Manager: escalation of privilege vulnerability
CWE-284
Medium · CVSS 6.9
EPSS 0.1%2025-10-13
Ericsson Network Manager: improper neutralization of user controlled input
CWE-79
Low · CVSS 2.4
EPSS 0.0%2025-10-13
Ericsson Indoor Connect 8855 - Insufficiently Protected Credentials Vulnerability
CWE-522
Medium · CVSS 5.1
EPSS 0.0%2025-09-25
Ericsson Indoor Connect 8855 - Missing Authorization Vulnerability
CWE-862
High · CVSS 8.7
EPSS 0.1%2025-09-25
Ericsson Indoor Connect 8855 - Improper Input Validation Vulnerability
CWE-20
High · CVSS 8.7
EPSS 0.2%2025-09-25

Track new Ericsson CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor Ericsson CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

microsoft24,097 CVEs Linux19,131 CVEs google14,281 CVEs apple14,019 CVEs oracle10,440 CVEs debian10,201 CVEs IBM8,265 CVEs Adobe7,222 CVEs

Browse all vendors

Frequently asked questions

Common questions about Ericsson vulnerabilities.

How many CVEs does Ericsson have?

Ericsson has 46 published CVE records since 2001, including 19 in the last two years.

How many Ericsson CVEs are in CISA KEV?

None of Ericsson's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Which Ericsson products have the most CVEs?

The Ericsson products with the most published CVEs are network manager, Indoor Connect 8855, indoor connect 8855 firmware, CodeChecker, Packet Core Controller.

What are the most common weakness types in Ericsson CVEs?

Ericsson's CVEs most often map to these CWE weakness types: CWE-20 (Improper Input Validation), CWE-352 (Cross-Site Request Forgery (CSRF)), CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).

Are there public exploits for Ericsson vulnerabilities?

Yes — 9 of Ericsson's CVEs have a known public exploit.

How many critical Ericsson vulnerabilities are there?

Ericsson has 2 critical and 12 high-severity CVEs.

What is the average severity of Ericsson CVEs?

The average CVSS base score across Ericsson's scored CVEs is 7.2.

References

The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to
CNA directory: the CNAs that assign these CVEs

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track Ericsson vulnerabilities

Monitor new Ericsson vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Most affected products
Common weakness types
Assigning CNAs
Disclosure activity
Latest CVEs
Other vendors
FAQ
References