Cyber Posture

CVE-2026-32320

Medium

Published: 13 March 2026

Modified: 19 March 2026
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0006 (17.1th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-32320 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Ellanetworks Ella Core. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 17.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The CVE describes a remotely triggerable crash (panic from out-of-bounds read) in a network-exposed 5G core process when a crafted NGAP PathSwitchRequest is processed; this directly maps to exploitation of a software vulnerability to cause application/service denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.

Deeper analysis

CVE-2026-32320 is a denial-of-service vulnerability in Ella Core, a 5G core implementation designed for private networks. Versions prior to 1.5.1 suffer from a panic condition triggered when processing a PathSwitchRequest message that includes UE Security Capabilities with zero-length bitstrings for NR encryption or integrity protection algorithms. This issue stems from CWE-125 (out-of-bounds read) and has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

An attacker with the ability to send crafted NGAP messages to the Ella Core deployment can exploit this vulnerability to crash the core process, resulting in service disruption for all connected subscribers. No authentication is required to deliver the malicious PathSwitchRequest, enabling remote exploitation over the network with low complexity, though the CVSS vector indicates low privileges (PR:L) are needed.

The vulnerability is addressed in Ella Core version 1.5.1. Security practitioners should upgrade to this patched release, as detailed in the official advisory at https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347.
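
The failure mode described above, as an added Go example that is not Ella Core's code: all type and function names are hypothetical and the input is constructed. It contrasts an unchecked first-octet read of the two NR algorithm bitstrings with a length-checked read that returns an error the caller can handle.

```go
package main

import (
	"errors"
	"fmt"
)

// BitString is a hypothetical stand-in for a decoded ASN.1 BIT STRING.
type BitString struct {
	Bytes     []byte
	BitLength int
}

// UESecurityCapabilities models only the two NR fields the advisory names.
type UESecurityCapabilities struct {
	NREncryption BitString
	NRIntegrity  BitString
}

var ErrEmptyBitString = errors.New("zero-length algorithm bitstring")

// firstOctetsUnchecked indexes each bitstring without a length check, so a
// zero-length value causes an index-out-of-range runtime panic.
func firstOctetsUnchecked(c UESecurityCapabilities) (enc, integ byte) {
	return c.NREncryption.Bytes[0], c.NRIntegrity.Bytes[0]
}

func empty(b BitString) bool { return len(b.Bytes) == 0 || b.BitLength == 0 }

// firstOctetsChecked validates both bitstrings before reading them and
// returns an error instead of letting the process crash.
func firstOctetsChecked(c UESecurityCapabilities) (enc, integ byte, err error) {
	if empty(c.NREncryption) {
		return 0, 0, fmt.Errorf("NR encryption algorithms: %w", ErrEmptyBitString)
	}
	if empty(c.NRIntegrity) {
		return 0, 0, fmt.Errorf("NR integrity algorithms: %w", ErrEmptyBitString)
	}
	return c.NREncryption.Bytes[0], c.NRIntegrity.Bytes[0], nil
}

// panics reports whether f panicked; in a server this would be a crash.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	caps := UESecurityCapabilities{} // constructed input: both bitstrings empty
	fmt.Println("unchecked panics:", panics(func() { firstOctetsUnchecked(caps) }))
	_, _, err := firstOctetsChecked(caps)
	fmt.Println("checked result:", err)
}
```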

Details

CWE(s)

Affected Products

Vendor: ellanetworks
Product: ella core
Version: ≤ 1.5.1

CVEs Like This One

CVE-2026-32319 - Same product: Ellanetworks Ella Core
CVE-2026-33282 - Same product: Ellanetworks Ella Core
CVE-2026-33281 - Same product: Ellanetworks Ella Core
CVE-2026-33283 - Same product: Ellanetworks Ella Core
CVE-2026-33906 - Same product: Ellanetworks Ella Core
CVE-2025-0612 - Shared CWE-125
CVE-2026-25942 - Shared CWE-125
CVE-2026-25627 - Shared CWE-125
CVE-2026-3631 - Shared CWE-125
CVE-2024-50600 - Shared CWE-125
