CVE-2026-32319

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-32319
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/ellanetworks/core/security/advisories/GHSA-m9pm-w3gv-c68f Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ellanetworks:ella_core:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2026-03-13 19:54

Updated : 2026-03-19 13:45

NVD link : CVE-2026-32319

Mitre link : CVE-2026-32319

CVE.ORG link : CVE-2026-32319

JSON object : View

Products Affected

ellanetworks

  • ella_core
CWE
CWE-125

Out-of-bounds Read