Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00056.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
ellanetworks core affected
Version Status Constraints
< 1.5.1 affected

No data.

No data.

Vendor Product Confidence Versions
Ellanetworks Core 100%
Version Status Scheme Platform
[0,1.5.1)
 affected semver

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Project Subscriptions

Vendors Products
Ellanetworks Subscribe
Core Subscribe
Advisories
Source ID Title
Github GHSA Github GHSA GHSA-j478-p7vq-3347 Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347 cve-icon
History

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Ellanetworks
Ellanetworks core
Vendors & Products Ellanetworks
Ellanetworks core

Thu, 12 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Description Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.
Title Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-12T21:34:50.318Z

Reserved: 2026-03-11T21:16:21.661Z

Link: CVE-2026-32320

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-13T09:49:31Z

Weaknesses