CVE-2026-32320

{"id": "CVE-2026-32320", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-13T19:54:42.450", "references": [{"url": "https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1."}, {"lang": "es", "value": "Ella Core es un n\u00facleo 5G dise\u00f1ado para redes privadas. Antes de la versi\u00f3n 1.5.1, Ella Core entra en p\u00e1nico al procesar una PathSwitchRequest que contiene capacidades de seguridad de UE con bitstrings de algoritmo de cifrado NR o de protecci\u00f3n de integridad de longitud cero, lo que resulta en una denegaci\u00f3n de servicio. Un atacante capaz de enviar mensajes NGAP manipulados a Ella Core puede bloquear el proceso, causando interrupci\u00f3n del servicio para todos los suscriptores conectados. No se requiere autenticaci\u00f3n. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 1.5.1."}], "lastModified": "2026-03-19T13:38:45.690", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ellanetworks:ella_core:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "187BCA62-CD29-487C-B2AE-AEEA54452188", "versionEndExcluding": "1.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}