Ella Core: Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload
Description
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity-protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Ella Core 5G core panics on malformed NAS messages under 7 bytes, allowing unauthenticated remote attackers to crash the process and disrupt service.
Vulnerability Overview
CVE-2026-32319 is a denial-of-service vulnerability in Ella Core, a 5G core designed for private networks. Prior to version 1.5.1, the software panics when processing a malformed integrity-protected NGAP/NAS message with a length under 7 bytes [1][4]. The root cause is a missing length check in the message parsing logic, leading to a panic when the code attempts to access data beyond the buffer boundaries.
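A length guard of the kind the overview describes as missing, written here as an added example; it is not Ella Core's code or its actual fix. The type and function names are hypothetical, and the 7-byte figure is taken as the fixed header of a security-protected 5GS NAS message (extended protocol discriminator, security header type, 4-byte MAC, sequence number).

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Security-protected 5GS NAS header (3GPP TS 24.501): extended protocol
// discriminator (1) + security header type (1) + MAC (4) + sequence number (1).
const securedHeaderLen = 7

var errTruncated = errors.New("nas: security-protected message shorter than 7 bytes")

// SecuredNAS and the function names below are hypothetical, not Ella Core's API.
type SecuredNAS struct {
	EPD, SecurityHeaderType, Sequence uint8
	MAC                               uint32
	Inner                             []byte // inner NAS message, not yet verified
}

// ParseSecuredNAS checks the length before touching any fixed offset, so a
// short buffer yields an error instead of an index-out-of-range panic.
func ParseSecuredNAS(b []byte) (*SecuredNAS, error) {
	if len(b) < securedHeaderLen {
		return nil, fmt.Errorf("%w: got %d", errTruncated, len(b))
	}
	return &SecuredNAS{
		EPD:                b[0],
		SecurityHeaderType: b[1] & 0x0f,
		MAC:                binary.BigEndian.Uint32(b[2:6]),
		Sequence:           b[6],
		Inner:              b[7:],
	}, nil
}

// HandleNAS is a defence-in-depth wrapper: a panic raised while parsing one
// message becomes an error for that message instead of ending the process.
func HandleNAS(b []byte, parse func([]byte) (*SecuredNAS, error)) (m *SecuredNAS, err error) {
	defer func() {
		if r := recover(); r != nil {
			m, err = nil, fmt.Errorf("nas: recovered from parser panic: %v", r)
		}
	}()
	return parse(b)
}

func main() {
	short := []byte{0x7e, 0x02, 0xaa, 0xbb} // constructed 4-byte sample
	_, err := HandleNAS(short, ParseSecuredNAS)
	fmt.Println(err)
}
```

The recover wrapper only covers panics raised in the goroutine that calls it; the length check remains the primary control.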
Exploitation
An attacker can exploit this vulnerability by sending a crafted NAS message to Ella Core over the network. No authentication is required, and the attack can be launched remotely [1][4]. The only prerequisite is the ability to send NAS messages to the target core, which is typically possible from any device that can connect to the 5G network or from an external network if the core is exposed.
Impact
Successful exploitation causes the Ella Core process to crash, resulting in a complete denial of service for all connected subscribers [1][4]. This disrupts all 5G services provided by the core, including voice, data, and signaling, until the process is manually restarted or automatically recovered.
Mitigation
The vulnerability is fixed in Ella Core version 1.5.1 [1][3]. Users are strongly advised to upgrade to this version or later. No workarounds are documented; upgrading is the only known mitigation.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/ellanetworks/core (Go) | < 1.5.1 | 1.5.1 |
Affected products
- Range: <1.5.1
- ellanetworks/core (v5) Range: < 1.5.1
References
- github.com/advisories/GHSA-m9pm-w3gv-c68f (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-32319 (ghsa, ADVISORY)
- github.com/ellanetworks/core/releases/tag/v1.5.1 (ghsa, WEB)
- github.com/ellanetworks/core/security/advisories/GHSA-m9pm-w3gv-c68f (ghsa, x_refsource_CONFIRM, WEB)
- pkg.go.dev/vuln/GO-2026-4692 (ghsa, WEB)