CVE-2026-32319

HIGH

Ella Core <1.5.1 - DoS

Title source: llm

Description

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.

References (1)

[Vendor Advisory] https://github.com/ellanetworks/core/security/advisories/GHSA-m9pm-w3gv-c68f

Scores

CVSS v3 7.5

EPSS 0.0007

EPSS Percentile 20.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (3)

ellanetworks/core 0 - 1.5.1Go

ellanetworks/core < 1.5.1

ellanetworks/ella_core < 1.5.1

Published Mar 13, 2026

Tracked Since Mar 14, 2026