CVE-2026-32320

MEDIUM

Ella Core <1.5.1 - DoS

Title source: llm

Description

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.

References (1)

[Vendor Advisory] https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 17.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (3)

ellanetworks/core 0 - 1.5.1Go

ellanetworks/core < 1.5.1

ellanetworks/ella_core < 1.5.1

Published Mar 13, 2026

Tracked Since Mar 14, 2026