Ellanetworks Core
14 CVEs affecting Ellanetworks Core. Latest disclosed: 2026-05-27. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-33282 | High | 7.5 | 2026-03-23 | Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-… |
CVE-2026-32319 | High | 7.5 | 2026-03-12 | Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a… |
CVE-2026-33906 | High | 7.2 | 2026-03-27 | Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore en… |
CVE-2026-44473 | High | 7.1 | 2026-05-27 | Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying… |
CVE-2026-33907 | Medium | 6.5 | 2026-03-27 | Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS mess… |
CVE-2026-33904 | Medium | 6.5 | 2026-03-27 | Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control p… |
CVE-2026-33903 | Medium | 6.5 | 2026-03-27 | Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacke… |
CVE-2026-33283 | Medium | 6.5 | 2026-03-23 | Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request T… |
CVE-2026-33281 | Medium | 6.5 | 2026-03-23 | Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15… |
CVE-2026-32320 | Medium | 6.5 | 2026-03-12 | Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities… |
CVE-2026-44475 | Medium | 6.1 | 2026-05-27 | Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchReques… |
CVE-2026-34761 | Medium | 5.8 | 2026-04-02 | Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker abl… |
CVE-2026-44474 | Low | 3.7 | 2026-05-27 | Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures def… |
CVE-2026-34762 | Low | 2.7 | 2026-04-02 | Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the UR… |