VYPR

Core

by Ellanetworks

Source repositories

CVEs (8)

  • CVE-2026-44473HigMay 27, 2026
    risk 0.39cvss 7.1epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's…

  • CVE-2026-44475MedMay 27, 2026
    risk 0.33cvss 6.1epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities…

  • CVE-2026-44474LowMay 27, 2026
    risk 0.17cvss 3.7epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending (and…

  • CVE-2026-33283Mar 23, 2026
    risk 0.00cvss epss 0.00

    Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for…

  • CVE-2026-33282Mar 23, 2026
    risk 0.00cvss epss 0.00

    Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send…

  • CVE-2026-33281Mar 23, 2026
    risk 0.00cvss epss 0.00

    Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all…

  • CVE-2026-32320Mar 12, 2026
    risk 0.00cvss epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An…

  • CVE-2026-32319Mar 12, 2026
    risk 0.00cvss epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service…