CVE-2026-33904
MEDIUMElla Core <1.7.0 SCTP Cleanup - Denial of Service
Title source: manualDescription
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Version 1.7.0 adds deferred Radio cleanup in serveConn SCTP server so that every connection exit path removes the radio. Remove the stale-entry scan from SCTP Notification handling.
References (3)
Core 3
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/ellanetworks/core/security/advisories/GHSA-9h59-p45g-445h
X_Refsource_Misc x_refsource_misc
https://github.com/ellanetworks/core/commit/999f606c5cae261471d9e3f063d7ecd1bd754076
X_Refsource_Misc x_refsource_misc
https://github.com/ellanetworks/core/releases/tag/v1.7.0
Scores
CVSS v3
6.5
EPSS
0.0016
EPSS Percentile
6.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-833
Status
published
Products (3)
ellanetworks/core
0 - 1.7.0Go
ellanetworks/core
< 1.7.0
ellanetworks/ella_core
< 1.7.0
Published
Mar 27, 2026
Tracked Since
Mar 29, 2026