7.5

CVE-2026-32320

EPSS 0.05%
Veröffentlicht 12.03.2026 21:34:50
Zuletzt bearbeitet 19.03.2026 13:38:45
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ellanetworks ≫ Ella Core Version < 1.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.147

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-32320

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32320

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32320

EUVD