CVE-2026-32319
Received Received - Intake
Denial of Service via Malformed NAS Messages in Ella Core

Publication date: 2026-03-13

Last updated on: 2026-03-19

Assigner: GitHub, Inc.

Description
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32319
EUVD
EUVD-2026-11722
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ellanetworks ella_core to 1.5.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32319 is a high-severity vulnerability in the Ella Core 5G core software prior to version 1.5.1. The vulnerability occurs when the software processes a malformed integrity-protected NGAP/NAS message that is shorter than 7 bytes. This causes an out-of-bounds read, leading the system to panic and crash.

An attacker can exploit this by sending specially crafted NAS messages without needing any authentication or user interaction, triggering the crash.

Impact Analysis

This vulnerability can cause a denial-of-service (DoS) condition by crashing the Ella Core process. When exploited, it disrupts service for all connected subscribers, severely impacting availability.

Since no authentication is required to exploit this, an attacker can easily cause service disruption remotely.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability occurs when Ella Core processes malformed integrity-protected NGAP/NAS messages shorter than 7 bytes, causing the process to panic and crash.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts on your network or system, monitor for unusual crashes or panics in the Ella Core process logs that coincide with receipt of NGAP/NAS messages.'}, {'type': 'paragraph', 'content': 'Specifically, you can capture and analyze network traffic for NGAP/NAS messages with lengths under 7 bytes, which are malformed and trigger the vulnerability.'}, {'type': 'list_item', 'content': 'Use packet capture tools like tcpdump or Wireshark to filter NGAP/NAS messages and check their length.'}, {'type': 'list_item', 'content': 'Example tcpdump command to capture NGAP/NAS messages (assuming standard ports):'}, {'type': 'list_item', 'content': "tcpdump -i <interface> -w capture.pcap 'udp port <NGAP/NAS port>'"}, {'type': 'list_item', 'content': 'Then analyze the capture with Wireshark to identify messages shorter than 7 bytes.'}, {'type': 'list_item', 'content': 'Additionally, monitor system logs for Ella Core process crashes or panics that may indicate exploitation attempts.'}] [1]

Mitigation Strategies

The immediate mitigation step is to upgrade Ella Core to version 1.5.1 or later, where the vulnerability is fixed by adding length verification to NAS message handling.

Until the upgrade can be applied, consider implementing network-level filtering to block malformed NGAP/NAS messages shorter than 7 bytes from untrusted sources.

Also, monitor the Ella Core process for crashes and restart it promptly to minimize service disruption.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32319. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart