PT-2026-39669 · Ella Core · Ella Core

Sjna0414

·

Published

2026-05-11

·

Updated

2026-06-25

·

CVE-2026-44475

CVSS v3.1

6.1

Medium

VectorAV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.10.0
Description Ella Core, a 5G core for private networks, fails to verify UE Security Capabilities received in NGAP 'PathSwitchRequest' messages against locally stored values. This allows a malicious gNB to overwrite the stored security capabilities for any UE with arbitrary values by sending a single crafted 'PathSwitchRequest', leading to the corruption of the target UE's security data.
Recommendations Update to version 1.10.0.

Exploit

Fix

Improperly Implemented Security Check for Standard

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44475
GHSA-PWFH-MQP3-PQWJ
GO-2026-5554

Affected Products

Ella Core