VYPR
Vendor

Ellanetworks

Products
2
CVEs
14
Across products
14
Status
Private

Products

2

Recent CVEs

14
  • CVE-2026-33906HigMar 27, 2026
    risk 0.40cvss 7.2epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production…

  • CVE-2026-44473HigMay 27, 2026
    risk 0.39cvss 7.1epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's…

  • CVE-2026-33907MedMar 27, 2026
    risk 0.35cvss 6.5epss 0.00

    Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service…

  • CVE-2026-33904MedMar 27, 2026
    risk 0.35cvss 6.5epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang,…

  • CVE-2026-33903MedMar 27, 2026
    risk 0.35cvss 6.5epss 0.00

    Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected…

  • CVE-2026-44475MedMay 27, 2026
    risk 0.33cvss 6.1epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities…

  • CVE-2026-34761MedApr 2, 2026
    risk 0.31cvss 5.8epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service…

  • CVE-2026-44474LowMay 27, 2026
    risk 0.17cvss 3.7epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending (and…

  • CVE-2026-34762LowApr 2, 2026
    risk 0.11cvss 2.7epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify…

  • CVE-2026-33283Mar 23, 2026
    risk 0.00cvss epss 0.00

    Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for…

  • CVE-2026-33282Mar 23, 2026
    risk 0.00cvss epss 0.00

    Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send…

  • CVE-2026-33281Mar 23, 2026
    risk 0.00cvss epss 0.00

    Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all…

  • CVE-2026-32320Mar 12, 2026
    risk 0.00cvss epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An…

  • CVE-2026-32319Mar 12, 2026
    risk 0.00cvss epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service…