VDB

CVE-2026-32320

CVE-2026-32320 PUBLISHED CVSS 6.5 MEDIUM

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.

EPSS 0.06% · 18.8th percentile

Risk Scores

CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.06%
18.8th percentile

Affected Products

VendorProductVersions
github.comellanetworks/core0, 0, 0
ellanetworksella_core0, 0, 0
ellanetworkscore< 1.5.1, < 1.5.1, < 1.5.1

Timeline

  • Mar 12, 2026 CVE Published
  • Mar 12, 2026 PoC Published
  • Mar 12, 2026 PoC Published
  • Mar 13, 2026 EPSS Score
  • Mar 14, 2026 EPSS Score
  • Mar 15, 2026 EPSS Score
  • Mar 16, 2026 CVE Updated
  • Mar 16, 2026 EPSS Score
  • Mar 17, 2026 EPSS Score
  • Mar 17, 2026 Coalition ESS Score
  • Mar 17, 2026 Security Advisory
  • Mar 18, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›