Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for ella_core by ellanetworks

    CVE-2026-34762 (GCVE-0-2026-34762)

    Vulnerability from nvd – Published: 2026-04-02 19:03 – Updated: 2026-04-03 15:39
    VLAI
    Title
    Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber
    Summary
    Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber IMSI. This issue has been patched in version 1.8.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.8.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-03T15:39:42.759798Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-03T15:39:50.305Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.8.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber\u0027s policy while the audit trail records a fabricated or unrelated subscriber IMSI. This issue has been patched in version 1.8.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T19:03:54.247Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-xw45-cc32-442f",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-xw45-cc32-442f"
            },
            {
              "name": "https://github.com/ellanetworks/core/releases/tag/v1.8.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/releases/tag/v1.8.0"
            }
          ],
          "source": {
            "advisory": "GHSA-xw45-cc32-442f",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-34762",
        "datePublished": "2026-04-02T19:03:54.247Z",
        "dateReserved": "2026-03-30T19:17:10.225Z",
        "dateUpdated": "2026-04-03T15:39:50.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34761 (GCVE-0-2026-34761)

    Vulnerability from nvd – Published: 2026-04-02 19:03 – Updated: 2026-04-03 15:43
    VLAI
    Title
    Ella Core Panics Upon NGAP handover failure
    Summary
    Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service disruption for all connected subscribers. This issue has been patched in version 1.8.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.8.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34761",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-03T15:42:35.859554Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-03T15:43:40.050Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.8.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service disruption for all connected subscribers. This issue has been patched in version 1.8.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T19:03:05.307Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-6gm8-3g4h-w82m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-6gm8-3g4h-w82m"
            },
            {
              "name": "https://github.com/ellanetworks/core/releases/tag/v1.8.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/releases/tag/v1.8.0"
            }
          ],
          "source": {
            "advisory": "GHSA-6gm8-3g4h-w82m",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core Panics Upon NGAP handover failure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-34761",
        "datePublished": "2026-04-02T19:03:05.307Z",
        "dateReserved": "2026-03-30T19:17:10.225Z",
        "dateUpdated": "2026-04-03T15:43:40.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33907 (GCVE-0-2026-33907)

    Vulnerability from nvd – Published: 2026-03-27 20:58 – Updated: 2026-03-30 18:53
    VLAI
    Title
    Ella Core Panics during NAS Authentication Response/Failure with missing IEs
    Summary
    Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.7.0 added IE presence verification to NAS message handling.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33907",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T18:53:05.536896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T18:53:12.138Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.7.0 added IE presence verification to NAS message handling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T20:58:06.768Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-55q8-2gwx-29pc",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-55q8-2gwx-29pc"
            },
            {
              "name": "https://github.com/ellanetworks/core/commit/52962660e3bd3e23c7e96b0da270ac1e0e705273",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/commit/52962660e3bd3e23c7e96b0da270ac1e0e705273"
            },
            {
              "name": "https://github.com/ellanetworks/core/releases/tag/v1.7.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"
            }
          ],
          "source": {
            "advisory": "GHSA-55q8-2gwx-29pc",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core Panics during NAS Authentication Response/Failure with missing IEs"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33907",
        "datePublished": "2026-03-27T20:58:06.768Z",
        "dateReserved": "2026-03-24T15:41:47.491Z",
        "dateUpdated": "2026-03-30T18:53:12.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33906 (GCVE-0-2026-33906)

    Vulnerability from nvd – Published: 2026-03-27 20:56 – Updated: 2026-03-31 18:53
    VLAI
    Title
    Ella Core has Privilege Escalation via Database Restore by NetworkManager role
    Summary
    Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management, audit logs, debug endpoints, and operator identity configuration that the role was explicitly denied. In version 1.7.0, backup and restore permissions have been removed from the NetworkManager role.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33906",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T18:51:14.445855Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T18:53:56.905Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management, audit logs, debug endpoints, and operator identity configuration that the role was explicitly denied. In version 1.7.0, backup and restore permissions have been removed from the NetworkManager role."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T20:56:35.079Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-87j9-m7x6-hvw2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-87j9-m7x6-hvw2"
            },
            {
              "name": "https://github.com/ellanetworks/core/commit/1e4768288a6519fcb63ec83f851584ecebb8a972",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/commit/1e4768288a6519fcb63ec83f851584ecebb8a972"
            },
            {
              "name": "https://github.com/ellanetworks/core/releases/tag/v1.7.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"
            }
          ],
          "source": {
            "advisory": "GHSA-87j9-m7x6-hvw2",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core has Privilege Escalation via Database Restore by NetworkManager role"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33906",
        "datePublished": "2026-03-27T20:56:35.079Z",
        "dateReserved": "2026-03-24T15:41:47.491Z",
        "dateUpdated": "2026-03-31T18:53:56.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33904 (GCVE-0-2026-33904)

    Vulnerability from nvd – Published: 2026-03-27 20:55 – Updated: 2026-03-31 14:06
    VLAI
    Title
    Ella Core has a Denial of Service via SCTP connection cleanup deadlock
    Summary
    Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Version 1.7.0 adds deferred Radio cleanup in serveConn SCTP server so that every connection exit path removes the radio. Remove the stale-entry scan from SCTP Notification handling.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33904",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T14:06:26.825446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T14:06:35.855Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF\u0027s SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Version 1.7.0 adds deferred Radio cleanup in serveConn SCTP server so that every connection exit path removes the radio. Remove the stale-entry scan from SCTP Notification handling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-833",
                  "description": "CWE-833: Deadlock",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T20:55:18.506Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-9h59-p45g-445h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-9h59-p45g-445h"
            },
            {
              "name": "https://github.com/ellanetworks/core/commit/999f606c5cae261471d9e3f063d7ecd1bd754076",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/commit/999f606c5cae261471d9e3f063d7ecd1bd754076"
            },
            {
              "name": "https://github.com/ellanetworks/core/releases/tag/v1.7.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"
            }
          ],
          "source": {
            "advisory": "GHSA-9h59-p45g-445h",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core has a Denial of Service via SCTP connection cleanup deadlock"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33904",
        "datePublished": "2026-03-27T20:55:18.506Z",
        "dateReserved": "2026-03-24T15:41:47.491Z",
        "dateUpdated": "2026-03-31T14:06:35.855Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33903 (GCVE-0-2026-33903)

    Vulnerability from nvd – Published: 2026-03-27 20:52 – Updated: 2026-03-30 15:42
    VLAI
    Title
    Ella Core panics when processing a crafted NGAP LocationReport message
    Summary
    Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version 1.7.0 adds guards in NGAP Location Report handler.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33903",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T15:42:19.338459Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T15:42:36.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version 1.7.0 adds guards in NGAP Location Report handler."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T20:52:37.157Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-f2f3-9cx3-wcmf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-f2f3-9cx3-wcmf"
            },
            {
              "name": "https://github.com/ellanetworks/core/commit/ec77a2ad4508f8488cb356fd45b2f1efd92587f8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/commit/ec77a2ad4508f8488cb356fd45b2f1efd92587f8"
            },
            {
              "name": "https://github.com/ellanetworks/core/releases/tag/v1.7.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"
            }
          ],
          "source": {
            "advisory": "GHSA-f2f3-9cx3-wcmf",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core panics when processing a crafted NGAP LocationReport message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33903",
        "datePublished": "2026-03-27T20:52:37.157Z",
        "dateReserved": "2026-03-24T15:41:47.491Z",
        "dateUpdated": "2026-03-30T15:42:36.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33283 (GCVE-0-2026-33283)

    Vulnerability from nvd – Published: 2026-03-23 23:49 – Updated: 2026-03-24 15:12
    VLAI
    Title
    Ella Core panics on malformed ULNASTransport Message without a Request Type
    Summary
    Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 adds a guard when receiving an UL NAS Message without a Request Type given no SM Context.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33283",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T14:12:37.211448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T15:12:39.668Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 adds a guard when receiving an UL NAS Message without a Request Type given no SM Context."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-23T23:49:42.539Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-3366-gw57-fcm5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-3366-gw57-fcm5"
            }
          ],
          "source": {
            "advisory": "GHSA-3366-gw57-fcm5",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core panics on malformed ULNASTransport Message without a Request Type"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33283",
        "datePublished": "2026-03-23T23:49:42.539Z",
        "dateReserved": "2026-03-18T18:55:47.425Z",
        "dateUpdated": "2026-03-24T15:12:39.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33282 (GCVE-0-2026-33282)

    Vulnerability from nvd – Published: 2026-03-23 23:47 – Updated: 2026-03-25 19:25
    VLAI
    Title
    Ella Core panics on malformed NGAP Location Report
    Summary
    Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33282",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T19:23:25.820727Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T19:25:14.461Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with  `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-23T23:47:26.483Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x"
            }
          ],
          "source": {
            "advisory": "GHSA-826q-wrq4-p23x",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core panics on malformed NGAP Location Report"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33282",
        "datePublished": "2026-03-23T23:47:26.483Z",
        "dateReserved": "2026-03-18T18:55:47.425Z",
        "dateUpdated": "2026-03-25T19:25:14.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33281 (GCVE-0-2026-33281)

    Vulnerability from nvd – Published: 2026-03-23 23:46 – Updated: 2026-03-24 13:32
    VLAI
    Title
    Ella Core panics on invalid PDU Session IDs in NGAP messages
    Summary
    Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added PDU Session ID validations during NGAP message handling.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T13:32:12.303642Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T13:32:41.782Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added PDU Session ID validations during NGAP message handling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129: Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-23T23:46:12.797Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-q669-4gmv-g8mf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-q669-4gmv-g8mf"
            }
          ],
          "source": {
            "advisory": "GHSA-q669-4gmv-g8mf",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core panics on invalid PDU Session IDs in NGAP messages"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33281",
        "datePublished": "2026-03-23T23:46:12.797Z",
        "dateReserved": "2026-03-18T18:55:47.425Z",
        "dateUpdated": "2026-03-24T13:32:41.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32320 (GCVE-0-2026-32320)

    Vulnerability from nvd – Published: 2026-03-12 21:34 – Updated: 2026-03-14 03:46
    VLAI
    Title
    Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings
    Summary
    Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32320",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-14T03:46:19.675025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-14T03:46:29.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T21:34:50.318Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347"
            }
          ],
          "source": {
            "advisory": "GHSA-j478-p7vq-3347",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-32320",
        "datePublished": "2026-03-12T21:34:50.318Z",
        "dateReserved": "2026-03-11T21:16:21.661Z",
        "dateUpdated": "2026-03-14T03:46:29.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32319 (GCVE-0-2026-32319)

    Vulnerability from nvd – Published: 2026-03-12 21:33 – Updated: 2026-03-14 03:45
    VLAI
    Title
    Ella Core: Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload
    Summary
    Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-14T03:45:45.367242Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-14T03:45:57.547Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T21:33:32.463Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-m9pm-w3gv-c68f",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-m9pm-w3gv-c68f"
            }
          ],
          "source": {
            "advisory": "GHSA-m9pm-w3gv-c68f",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core: Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-32319",
        "datePublished": "2026-03-12T21:33:32.463Z",
        "dateReserved": "2026-03-11T21:16:21.661Z",
        "dateUpdated": "2026-03-14T03:45:57.547Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34762 (GCVE-0-2026-34762)

    Vulnerability from cvelistv5 – Published: 2026-04-02 19:03 – Updated: 2026-04-03 15:39
    VLAI
    Title
    Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber
    Summary
    Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber IMSI. This issue has been patched in version 1.8.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.8.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-03T15:39:42.759798Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-03T15:39:50.305Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.8.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber\u0027s policy while the audit trail records a fabricated or unrelated subscriber IMSI. This issue has been patched in version 1.8.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T19:03:54.247Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-xw45-cc32-442f",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-xw45-cc32-442f"
            },
            {
              "name": "https://github.com/ellanetworks/core/releases/tag/v1.8.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/releases/tag/v1.8.0"
            }
          ],
          "source": {
            "advisory": "GHSA-xw45-cc32-442f",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-34762",
        "datePublished": "2026-04-02T19:03:54.247Z",
        "dateReserved": "2026-03-30T19:17:10.225Z",
        "dateUpdated": "2026-04-03T15:39:50.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34761 (GCVE-0-2026-34761)

    Vulnerability from cvelistv5 – Published: 2026-04-02 19:03 – Updated: 2026-04-03 15:43
    VLAI
    Title
    Ella Core Panics Upon NGAP handover failure
    Summary
    Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service disruption for all connected subscribers. This issue has been patched in version 1.8.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.8.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34761",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-03T15:42:35.859554Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-03T15:43:40.050Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.8.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service disruption for all connected subscribers. This issue has been patched in version 1.8.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T19:03:05.307Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-6gm8-3g4h-w82m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-6gm8-3g4h-w82m"
            },
            {
              "name": "https://github.com/ellanetworks/core/releases/tag/v1.8.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/releases/tag/v1.8.0"
            }
          ],
          "source": {
            "advisory": "GHSA-6gm8-3g4h-w82m",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core Panics Upon NGAP handover failure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-34761",
        "datePublished": "2026-04-02T19:03:05.307Z",
        "dateReserved": "2026-03-30T19:17:10.225Z",
        "dateUpdated": "2026-04-03T15:43:40.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33907 (GCVE-0-2026-33907)

    Vulnerability from cvelistv5 – Published: 2026-03-27 20:58 – Updated: 2026-03-30 18:53
    VLAI
    Title
    Ella Core Panics during NAS Authentication Response/Failure with missing IEs
    Summary
    Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.7.0 added IE presence verification to NAS message handling.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33907",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T18:53:05.536896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T18:53:12.138Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.7.0 added IE presence verification to NAS message handling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T20:58:06.768Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-55q8-2gwx-29pc",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-55q8-2gwx-29pc"
            },
            {
              "name": "https://github.com/ellanetworks/core/commit/52962660e3bd3e23c7e96b0da270ac1e0e705273",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/commit/52962660e3bd3e23c7e96b0da270ac1e0e705273"
            },
            {
              "name": "https://github.com/ellanetworks/core/releases/tag/v1.7.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"
            }
          ],
          "source": {
            "advisory": "GHSA-55q8-2gwx-29pc",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core Panics during NAS Authentication Response/Failure with missing IEs"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33907",
        "datePublished": "2026-03-27T20:58:06.768Z",
        "dateReserved": "2026-03-24T15:41:47.491Z",
        "dateUpdated": "2026-03-30T18:53:12.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33906 (GCVE-0-2026-33906)

    Vulnerability from cvelistv5 – Published: 2026-03-27 20:56 – Updated: 2026-03-31 18:53
    VLAI
    Title
    Ella Core has Privilege Escalation via Database Restore by NetworkManager role
    Summary
    Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management, audit logs, debug endpoints, and operator identity configuration that the role was explicitly denied. In version 1.7.0, backup and restore permissions have been removed from the NetworkManager role.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33906",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T18:51:14.445855Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T18:53:56.905Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management, audit logs, debug endpoints, and operator identity configuration that the role was explicitly denied. In version 1.7.0, backup and restore permissions have been removed from the NetworkManager role."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T20:56:35.079Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-87j9-m7x6-hvw2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-87j9-m7x6-hvw2"
            },
            {
              "name": "https://github.com/ellanetworks/core/commit/1e4768288a6519fcb63ec83f851584ecebb8a972",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/commit/1e4768288a6519fcb63ec83f851584ecebb8a972"
            },
            {
              "name": "https://github.com/ellanetworks/core/releases/tag/v1.7.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"
            }
          ],
          "source": {
            "advisory": "GHSA-87j9-m7x6-hvw2",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core has Privilege Escalation via Database Restore by NetworkManager role"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33906",
        "datePublished": "2026-03-27T20:56:35.079Z",
        "dateReserved": "2026-03-24T15:41:47.491Z",
        "dateUpdated": "2026-03-31T18:53:56.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33904 (GCVE-0-2026-33904)

    Vulnerability from cvelistv5 – Published: 2026-03-27 20:55 – Updated: 2026-03-31 14:06
    VLAI
    Title
    Ella Core has a Denial of Service via SCTP connection cleanup deadlock
    Summary
    Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Version 1.7.0 adds deferred Radio cleanup in serveConn SCTP server so that every connection exit path removes the radio. Remove the stale-entry scan from SCTP Notification handling.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33904",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T14:06:26.825446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T14:06:35.855Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF\u0027s SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Version 1.7.0 adds deferred Radio cleanup in serveConn SCTP server so that every connection exit path removes the radio. Remove the stale-entry scan from SCTP Notification handling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-833",
                  "description": "CWE-833: Deadlock",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T20:55:18.506Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-9h59-p45g-445h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-9h59-p45g-445h"
            },
            {
              "name": "https://github.com/ellanetworks/core/commit/999f606c5cae261471d9e3f063d7ecd1bd754076",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/commit/999f606c5cae261471d9e3f063d7ecd1bd754076"
            },
            {
              "name": "https://github.com/ellanetworks/core/releases/tag/v1.7.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"
            }
          ],
          "source": {
            "advisory": "GHSA-9h59-p45g-445h",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core has a Denial of Service via SCTP connection cleanup deadlock"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33904",
        "datePublished": "2026-03-27T20:55:18.506Z",
        "dateReserved": "2026-03-24T15:41:47.491Z",
        "dateUpdated": "2026-03-31T14:06:35.855Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33903 (GCVE-0-2026-33903)

    Vulnerability from cvelistv5 – Published: 2026-03-27 20:52 – Updated: 2026-03-30 15:42
    VLAI
    Title
    Ella Core panics when processing a crafted NGAP LocationReport message
    Summary
    Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version 1.7.0 adds guards in NGAP Location Report handler.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33903",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T15:42:19.338459Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T15:42:36.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version 1.7.0 adds guards in NGAP Location Report handler."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T20:52:37.157Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-f2f3-9cx3-wcmf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-f2f3-9cx3-wcmf"
            },
            {
              "name": "https://github.com/ellanetworks/core/commit/ec77a2ad4508f8488cb356fd45b2f1efd92587f8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/commit/ec77a2ad4508f8488cb356fd45b2f1efd92587f8"
            },
            {
              "name": "https://github.com/ellanetworks/core/releases/tag/v1.7.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"
            }
          ],
          "source": {
            "advisory": "GHSA-f2f3-9cx3-wcmf",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core panics when processing a crafted NGAP LocationReport message"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33903",
        "datePublished": "2026-03-27T20:52:37.157Z",
        "dateReserved": "2026-03-24T15:41:47.491Z",
        "dateUpdated": "2026-03-30T15:42:36.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33283 (GCVE-0-2026-33283)

    Vulnerability from cvelistv5 – Published: 2026-03-23 23:49 – Updated: 2026-03-24 15:12
    VLAI
    Title
    Ella Core panics on malformed ULNASTransport Message without a Request Type
    Summary
    Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 adds a guard when receiving an UL NAS Message without a Request Type given no SM Context.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33283",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T14:12:37.211448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T15:12:39.668Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 adds a guard when receiving an UL NAS Message without a Request Type given no SM Context."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-23T23:49:42.539Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-3366-gw57-fcm5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-3366-gw57-fcm5"
            }
          ],
          "source": {
            "advisory": "GHSA-3366-gw57-fcm5",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core panics on malformed ULNASTransport Message without a Request Type"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33283",
        "datePublished": "2026-03-23T23:49:42.539Z",
        "dateReserved": "2026-03-18T18:55:47.425Z",
        "dateUpdated": "2026-03-24T15:12:39.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33282 (GCVE-0-2026-33282)

    Vulnerability from cvelistv5 – Published: 2026-03-23 23:47 – Updated: 2026-03-25 19:25
    VLAI
    Title
    Ella Core panics on malformed NGAP Location Report
    Summary
    Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33282",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T19:23:25.820727Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T19:25:14.461Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with  `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-23T23:47:26.483Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x"
            }
          ],
          "source": {
            "advisory": "GHSA-826q-wrq4-p23x",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core panics on malformed NGAP Location Report"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33282",
        "datePublished": "2026-03-23T23:47:26.483Z",
        "dateReserved": "2026-03-18T18:55:47.425Z",
        "dateUpdated": "2026-03-25T19:25:14.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33281 (GCVE-0-2026-33281)

    Vulnerability from cvelistv5 – Published: 2026-03-23 23:46 – Updated: 2026-03-24 13:32
    VLAI
    Title
    Ella Core panics on invalid PDU Session IDs in NGAP messages
    Summary
    Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added PDU Session ID validations during NGAP message handling.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T13:32:12.303642Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T13:32:41.782Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added PDU Session ID validations during NGAP message handling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129: Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-23T23:46:12.797Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-q669-4gmv-g8mf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-q669-4gmv-g8mf"
            }
          ],
          "source": {
            "advisory": "GHSA-q669-4gmv-g8mf",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core panics on invalid PDU Session IDs in NGAP messages"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33281",
        "datePublished": "2026-03-23T23:46:12.797Z",
        "dateReserved": "2026-03-18T18:55:47.425Z",
        "dateUpdated": "2026-03-24T13:32:41.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32320 (GCVE-0-2026-32320)

    Vulnerability from cvelistv5 – Published: 2026-03-12 21:34 – Updated: 2026-03-14 03:46
    VLAI
    Title
    Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings
    Summary
    Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32320",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-14T03:46:19.675025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-14T03:46:29.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T21:34:50.318Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347"
            }
          ],
          "source": {
            "advisory": "GHSA-j478-p7vq-3347",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-32320",
        "datePublished": "2026-03-12T21:34:50.318Z",
        "dateReserved": "2026-03-11T21:16:21.661Z",
        "dateUpdated": "2026-03-14T03:46:29.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32319 (GCVE-0-2026-32319)

    Vulnerability from cvelistv5 – Published: 2026-03-12 21:33 – Updated: 2026-03-14 03:45
    VLAI
    Title
    Ella Core: Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload
    Summary
    Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ellanetworks core Affected: < 1.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-14T03:45:45.367242Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-14T03:45:57.547Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "core",
              "vendor": "ellanetworks",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T21:33:32.463Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-m9pm-w3gv-c68f",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-m9pm-w3gv-c68f"
            }
          ],
          "source": {
            "advisory": "GHSA-m9pm-w3gv-c68f",
            "discovery": "UNKNOWN"
          },
          "title": "Ella Core: Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-32319",
        "datePublished": "2026-03-12T21:33:32.463Z",
        "dateReserved": "2026-03-11T21:16:21.661Z",
        "dateUpdated": "2026-03-14T03:45:57.547Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }