VDB
CVE-2026-32319
CVE-2026-32319
PUBLISHED
CVSS 7.5 HIGH
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.
EPSS 0.07% · 20.6th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.07%
20.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | ellanetworks/core | 0, 0, 0 |
| ellanetworks | ella_core | 0, 0, 0 |
| ellanetworks | core | < 1.5.1, < 1.5.1, < 1.5.1 |
Timeline
- Mar 12, 2026 CVE Published
- Mar 12, 2026 PoC Published
- Mar 12, 2026 PoC Published
- Mar 12, 2026 PoC Published
- Mar 13, 2026 EPSS Score
- Mar 14, 2026 EPSS Score
- Mar 15, 2026 EPSS Score
- Mar 16, 2026 CVE Updated
- Mar 16, 2026 EPSS Score
- Mar 17, 2026 EPSS Score
- Mar 17, 2026 Coalition ESS Score
- Mar 17, 2026 Security Advisory