VYPR

Ella Core

by Ellanetworks

Source repositories

CVEs (6)

  • CVE-2026-33906HigMar 27, 2026
    risk 0.40cvss 7.2epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production…

  • CVE-2026-33907MedMar 27, 2026
    risk 0.35cvss 6.5epss 0.00

    Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service…

  • CVE-2026-33904MedMar 27, 2026
    risk 0.35cvss 6.5epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang,…

  • CVE-2026-33903MedMar 27, 2026
    risk 0.35cvss 6.5epss 0.00

    Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected…

  • CVE-2026-34761MedApr 2, 2026
    risk 0.31cvss 5.8epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service…

  • CVE-2026-34762LowApr 2, 2026
    risk 0.11cvss 2.7epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify…