Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| ellanetworks | core | affected |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|---|
|
Ellanetworks
Subscribe
|
Core
Subscribe
|
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-j478-p7vq-3347 | Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Fri, 13 Mar 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ellanetworks
Ellanetworks core |
|
| Vendors & Products |
Ellanetworks
Ellanetworks core |
Thu, 12 Mar 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1. | |
| Title | Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings | |
| Weaknesses | CWE-125 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-03-12T21:34:50.318Z
Reserved: 2026-03-11T21:16:21.661Z
Link: CVE-2026-32320
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-03-13T09:49:31Z