Description
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.
Published: 2026-03-12
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

Ella Core is a 5G core for private networks. A flaw causes the process to panic when it receives a malformed integrity-protected NGAP/NAS message whose payload length is under 7 bytes. The crash results in a denial of service for all subscribers. No authentication is required to send the crafted message. The vulnerability is classified as CWE-125.

Affected Systems

Ellanetworks Ella Core versions earlier than 1.5.1 are affected. All deployments running these versions are at risk regardless of environment.

Risk and Exploitability

The CVSS v3.1 score of 7.5 indicates high severity. The EPSS score is below 1%. The vulnerability is not listed in the CISA KEV catalog, suggesting a low likelihood of exploitation. Based on the description, it is inferred that the attack can be performed remotely over the control‑plane interface, since no authentication is required. An attacker who can communicate with the core’s control plane can send the crafted NAS message and trigger the crash, causing complete service disruption.

Generated by OpenCVE AI on March 19, 2026 at 16:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s official patch to upgrade Ella Core to version 1.5.1 or later.
  • If immediate upgrade is not feasible, isolate the control-plane interface, monitor for abnormal traffic, and apply the patch as soon as possible.



Advisories
Source: Github GHSA
ID: GHSA-m9pm-w3gv-c68f
Title: Ella Core vulnerable to Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload

History

Thu, 19 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Ellanetworks ella Core
CPEs cpe:2.3:a:ellanetworks:ella_core:*:*:*:*:*:*:*:*
Vendors & Products Ellanetworks ella Core

Sat, 14 Mar 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Ellanetworks
Ellanetworks core
Vendors & Products Ellanetworks
Ellanetworks core

Thu, 12 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Description Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.
Title Ella Core: Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-14T03:45:57.547Z

Reserved: 2026-03-11T21:16:21.661Z

Link: CVE-2026-32319

Vulnrichment

Updated: 2026-03-14T03:45:53.852Z

NVD

Status: Analyzed

Published: 2026-03-13T19:54:42.297

Modified: 2026-03-19T13:45:33.847

Link: CVE-2026-32319

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T10:00:05Z

Weaknesses