PT-2026-39668 · Ellanetworks+1 · Core+1
Sjna0414
·
Published
2026-05-11
·
Updated
2026-05-27
·
CVE-2026-44474
CVSS v3.1
3.7
Low
| Vector | AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Ella Core versions prior to 1.10.0
Description
Ella Core fails to enforce security rules regarding the concurrent execution of security procedures. Specifically, the system may send a NAS Security Mode Command while an N2 handover is still pending, or vice versa. This concurrency results in a KgNB mismatch between the User Equipment (UE) and the target gNB, leading to a handover failure. Triggering this issue requires a stalled gNB combined with a re-registration race.
Recommendations
Update to version 1.10.0.
Fix
Improperly Implemented Security Check for Standard
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Core
Github.Com/Ellanetworks/Core