Skip to main content
A Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Six years running.Find Out Why
CVE Vulnerability Database
Vulnerability Database/CVE-2026-32319

CVE-2026-32319: Ellanetworks Ella Core DoS Vulnerability

CVE-2026-32319 is a denial of service flaw in Ellanetworks Ella Core that allows unauthenticated attackers to crash the 5G core by sending malformed NAS messages. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2026-32319 Overview

Ella Core is a 5G core designed for private networks. Prior to version 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in version 1.5.1.

Critical Impact

Unauthenticated remote attackers can cause complete denial of service for all subscribers connected to the 5G private network by sending malformed NAS messages, resulting in immediate process crash and network-wide service disruption.

Affected Products

  • Ellanetworks Ella Core versions prior to 1.5.1

Discovery Timeline

  • 2026-03-13 - CVE CVE-2026-32319 published to NVD
  • 2026-03-19 - Last updated in NVD database

Technical Details for CVE-2026-32319

Vulnerability Analysis

This vulnerability is classified as an Out-of-Bounds Read (CWE-125) affecting the NGAP/NAS message processing functionality in Ella Core. The flaw occurs when the 5G core software attempts to process integrity protected messages that are shorter than the expected minimum length of 7 bytes.

When a malformed message is received, the application attempts to read beyond the allocated buffer boundaries, triggering a panic condition that immediately terminates the process. This design flaw in input validation allows any network-accessible attacker to disrupt service without requiring any form of authentication or authorization.

The vulnerability is particularly severe in the context of private 5G networks where Ella Core serves as critical infrastructure. A successful exploit results in complete service disruption for all connected subscribers until the process is restarted.

Root Cause

The root cause is insufficient length validation in the NGAP/NAS message parsing routine. The code fails to verify that incoming integrity protected messages meet the minimum required length (7 bytes) before attempting to process the message contents. This missing boundary check allows the parser to read memory outside the allocated message buffer, causing the Go runtime to panic and crash the entire process.

Attack Vector

The attack can be executed remotely over the network without any authentication. An attacker with network access to the Ella Core NAS interface can send specially crafted messages with a length under 7 bytes. The vulnerability requires no user interaction and can be exploited reliably to cause immediate denial of service.

The attack flow consists of:

  1. Attacker identifies a target Ella Core instance on the network
  2. Attacker crafts a malformed integrity protected NGAP/NAS message with length under 7 bytes
  3. Attacker sends the crafted message to the Ella Core NAS processing endpoint
  4. Ella Core attempts to parse the message and triggers an out-of-bounds read
  5. The application panics and crashes, disrupting service for all connected subscribers

Detection Methods for CVE-2026-32319

Indicators of Compromise

  • Unexpected Ella Core process crashes or restarts in system logs
  • NGAP/NAS messages with abnormally short lengths (under 7 bytes) in network traffic captures
  • Repeated service disruptions affecting all 5G subscribers simultaneously
  • Crash dumps or core files indicating panic conditions in message parsing routines

Detection Strategies

  • Monitor Ella Core process health and implement alerting on unexpected terminations
  • Deploy network intrusion detection rules to identify NGAP/NAS messages with suspicious payload lengths
  • Analyze system logs for panic messages or stack traces related to NAS message processing
  • Implement packet inspection at network boundaries to detect malformed 5G signaling traffic

Monitoring Recommendations

  • Enable comprehensive logging for all NGAP/NAS message processing activities
  • Configure process monitoring to detect and alert on Ella Core crashes within seconds
  • Establish baseline metrics for normal message lengths and alert on statistical anomalies
  • Deploy network flow analysis to identify sources sending unusually short NAS messages

How to Mitigate CVE-2026-32319

Immediate Actions Required

  • Upgrade Ella Core to version 1.5.1 or later immediately
  • Implement network segmentation to restrict access to the Ella Core NAS interface
  • Deploy intrusion prevention systems capable of blocking malformed NGAP/NAS messages
  • Establish automated process restart mechanisms to minimize downtime during attacks

Patch Information

The vulnerability is fixed in Ella Core version 1.5.1. Organizations should upgrade to this version or later to remediate the vulnerability. For detailed patch information and release notes, refer to the GitHub Security Advisory.

Workarounds

  • Restrict network access to Ella Core NAS interfaces using firewall rules to trusted sources only
  • Deploy a network-level filter or WAF to drop NGAP/NAS messages with payload lengths under 7 bytes
  • Implement automatic process restart and monitoring to reduce impact duration of successful exploits
  • Consider deploying Ella Core behind a reverse proxy or load balancer capable of basic message validation

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.

Try SentinelOne