CVE-2026-32320

Medium CVSS: 6.5

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.

Vendor

Ellanetworks

Product

Ella Core

CWE

CWE-125

Yayın Tarihi

2026-03-13 19:54:42

Güncelleme

2026-03-19 13:38:45

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-125 Ella Core MEDIUM Ellanetworks 2026

Referanslar

https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347

Benzer Kayıtlar

Medium

CVE-2026-34761

Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP ha…

Low

CVE-2026-34762

Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API acce…

Medium

CVE-2026-33281

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with i…

High

CVE-2026-33282

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP Loc…

Medium

CVE-2026-33283

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Tra…

High

CVE-2026-32319

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integ…