github.com/ellanetworks/core (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/ellanetworks/core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (14)
CVE-2026-33282 — CVSS 7.5 (high): Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message…
CVE-2026-32319 — CVSS 7.5 (high): Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected…
CVE-2026-33906 — CVSS 7.2 (high): Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore…
CVE-2026-44473 — CVSS 7.1 (high): Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged…
CVE-2026-33283 — CVSS 6.5 (medium): Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages…
CVE-2026-33903 — CVSS 6.5 (medium): Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport…
CVE-2026-33904 — CVSS 6.5 (medium): Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the…
CVE-2026-32320 — CVSS 6.5 (medium): Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE…
CVE-2026-33907 — CVSS 6.5 (medium): Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and…
CVE-2026-33281 — CVSS 6.5 (medium): Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session…
CVE-2026-44475 — CVSS 6.1 (medium): Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in…
CVE-2026-34761 — CVSS 5.8 (medium): Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure…
CVE-2026-44474 — CVSS 3.7 (low): Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of…
CVE-2026-34762 — CVSS 2.7 (low): Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI…