CVE-2026-32319

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.5.1

Description Ella Core is a 5G core designed for private networks. Prior to version 1.5.1, the software experiences a panic when processing a malformed integrity-protected NGAP/NAS message with a length less than 7 bytes. An attacker capable of sending crafted NAS messages to Ella Core can cause the process to crash, resulting in service disruption for all connected subscribers. No authentication is required for exploitation. The issue involves processing messages via the InitialUEMessage and affects the AMF component. The vulnerability is related to insufficient length verification during NAS message handling.

Recommendations Update Ella Core to version 1.5.1 or later.