Cyber Resilience

CVE-2026-32320

Medium

Published: 13 March 2026

Modified: 19 March 2026
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0006 (18.8th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-32320 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Ellanetworks Ella Core. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 18.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Deeper analysis

CVE-2026-32320 is a denial-of-service vulnerability in Ella Core, a 5G core implementation designed for private networks. Versions prior to 1.5.1 suffer from a panic condition triggered when processing a PathSwitchRequest message that includes UE Security Capabilities with zero-length bitstrings for NR encryption or integrity protection algorithms. This issue stems from CWE-125 (out-of-bounds read) and has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

An attacker with the ability to send crafted NGAP messages to the Ella Core deployment can exploit this vulnerability to crash the core process, resulting in service disruption for all connected subscribers. No authentication is required to deliver the malicious PathSwitchRequest, enabling remote exploitation over the network with low complexity, though the CVSS vector indicates low privileges (PR:L) are needed.

The vulnerability is addressed in Ella Core version 1.5.1. Security practitioners should upgrade to this patched release, as detailed in the official advisory at https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347.


Vulnerability details

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.


Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

The CVE describes a remotely triggerable crash (panic from out-of-bounds read) in a network-exposed 5G core process when a crafted NGAP PathSwitchRequest is processed; this directly maps to exploitation of a software vulnerability to cause application/service denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-32319 · Same product: Ellanetworks Ella Core
CVE-2026-33282 · Same product: Ellanetworks Ella Core
CVE-2026-33281 · Same product: Ellanetworks Ella Core
CVE-2026-33283 · Same product: Ellanetworks Ella Core
CVE-2026-33906 · Same product: Ellanetworks Ella Core
CVE-2026-23388 · Shared CWE-125
CVE-2025-24265 · Shared CWE-125
CVE-2025-21717 · Shared CWE-125
CVE-2026-6918 · Shared CWE-125
CVE-2026-25942 · Shared CWE-125

Affected Assets

Vendor: ellanetworks
Product: ella core
Affected versions: ≤ 1.5.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of NGAP PathSwitchRequest inputs (UE Security Capabilities bitstrings) to reject zero-length values before they trigger the out-of-bounds read and panic.

prevent

Requires non-abnormal termination on malformed protocol data, preventing the process crash that produces the DoS for all subscribers.

prevent

Provides denial-of-service protection mechanisms that can limit the impact of unauthenticated crafted NGAP messages reaching the 5G core process.
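
The input-validation and error-handling controls described above, sketched in Go as an added example; this is not Ella Core's code or its actual patch. The `BitString` and `UESecurityCapabilities` types, the function names, and the sample values are assumptions made for illustration.

```go
package main

import "fmt"

// BitString stands in for a decoded ASN.1 BIT STRING (hypothetical type).
type BitString struct {
	Bytes     []byte
	BitLength uint64
}

// UESecurityCapabilities keeps only the two NR fields named in the advisory.
type UESecurityCapabilities struct{ NREncryption, NRIntegrity BitString }

var ErrMalformed = fmt.Errorf("UE Security Capabilities: empty or truncated algorithm bitstring")

// firstOctetUnchecked is the failure class: Bytes[0] on a zero-length bitstring panics.
func firstOctetUnchecked(b BitString) byte { return b.Bytes[0] }

// firstOctet validates the declared and actual length before reading (SI-10).
func firstOctet(b BitString) (byte, error) {
	if b.BitLength == 0 || uint64(len(b.Bytes))*8 < b.BitLength {
		return 0, ErrMalformed
	}
	return b.Bytes[0], nil
}

// ParseNRAlgorithms returns an error if either NR bitstring is malformed.
func ParseNRAlgorithms(c UESecurityCapabilities) (enc, integ byte, err error) {
	if enc, err = firstOctet(c.NREncryption); err == nil {
		integ, err = firstOctet(c.NRIntegrity)
	}
	return enc, integ, err
}

// HandleGuarded turns a handler panic into a per-message error (SI-11 backstop).
func HandleGuarded(handler func() error) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("handler panic contained: %v", r)
		}
	}()
	return handler()
}

func main() {
	_, _, err := ParseNRAlgorithms(UESecurityCapabilities{}) // constructed: zero-length bitstrings
	fmt.Println("validated path:", err)
	fmt.Println(HandleGuarded(func() error { _ = firstOctetUnchecked(BitString{}); return nil }))
}
```

The length check is the actual fix for this class of bug; the recover wrapper only limits the blast radius if another unchecked read slips through.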
