Ellanetworks Ella Core — known CVE vulnerabilities
Every CVE whose affected-product data names Ellanetworks Ella Core, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2026-33282 — CVSS 7.5 (high): Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message…
CVE-2026-32319 — CVSS 7.5 (high): Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected…
CVE-2026-33906 — CVSS 7.2 (high): Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore…
CVE-2026-33283 — CVSS 6.5 (medium): Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages…
CVE-2026-33904 — CVSS 6.5 (medium): Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the…
CVE-2026-33907 — CVSS 6.5 (medium): Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and…
CVE-2026-33903 — CVSS 6.5 (medium): Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport…
CVE-2026-32320 — CVSS 6.5 (medium): Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE…
CVE-2026-33281 — CVSS 6.5 (medium): Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session…
CVE-2026-34761 — CVSS 5.8 (medium): Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure…
CVE-2026-34762 — CVSS 2.7 (low): Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI…