DoS Vulnerability in Ella Core 5G Core Network by Ella Networks
CVE-2026-32320

6.5MEDIUM

Key Information:

Vendor: Ellanetworks
Status: Core
Vendor: CVE Published:; 12 March 2026

🔔 Create Ellanetworks Vulnerability Alert

What is CVE-2026-32320?

Ella Core, a solution designed for private 5G networks, experiences a denial of service issue due to its handling of PathSwitchRequest messages. Specifically, versions prior to 1.5.1 can crash when processing requests that include UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings. An attacker can exploit this vulnerability by sending crafted NGAP messages, resulting in significant service disruption for all subscribers connected to the network. This flaw has been addressed in version 1.5.1.

Affected Version(s)

core < 1.5.1

References

https://github.com/ellanetworks/core/security/advisories/...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2026
Vulnerability Reserved
Mar 11, 2026

CVE-2026-32320 Data

JSON