github.com/ellanetworks/core (go) security advisories

HIGH 7.1

Go

CVE-2026-44473

Ella Core Vulnerable to UE Downlink Redirection via Forged PDUSessionResourceSetupResponse

May 11, 2026

MEDIUM 6.1

Go

CVE-2026-44475

Ella Core has a UE Security Capability bypass on NGAP PathSwitchRequest

May 11, 2026

LOW 3.7

Go

CVE-2026-44474

Ella Core has handover failures during concurrent Security Mode Command

May 11, 2026

MEDIUM 5.8

Go

CVE-2026-34761

Ella Core Panics Upon NGAP handover failure

Apr 1, 2026

LOW 2.7

Go

CVE-2026-34762

Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber

Apr 1, 2026

HIGH 7.2

Go

CVE-2026-33906

Ella Core has Privilege Escalation via Database Restore by NetworkManager role

Mar 26, 2026

MEDIUM 6.5

Go

CVE-2026-33907

Ella Core Panics during NAS Authentication Response/Failure with missing IEs

Mar 26, 2026

MEDIUM 6.5

Go

CVE-2026-33904

Ella Core has a Denial of Service via SCTP connection cleanup deadlock

Mar 26, 2026

UNKNOWN

Go

CVE-2026-33906

Ella Core has Privilege Escalation via Database Restore by NetworkManager role in github.com/ellanetworks/core

Apr 2, 2026

UNKNOWN

Go

CVE-2026-33904

Ella Core has a Denial of Service via SCTP connection cleanup deadlock in github.com/ellanetworks/core

Apr 2, 2026

UNKNOWN

Go

CVE-2026-33907

Ella Core Panics during NAS Authentication Response/Failure with missing IEs in github.com/ellanetworks/core

Apr 2, 2026

MEDIUM 6.5

Go

CVE-2026-33903

Ella Core panics when processing a crafted NGAP LocationReport message

Mar 26, 2026

UNKNOWN

Go

CVE-2026-33903

Ella Core panics when processing a crafted NGAP LocationReport message in github.com/ellanetworks/core

Apr 2, 2026

HIGH 7.5

Go

CVE-2026-33282

Ella Core panics on malformed NGAP Location Report

Mar 19, 2026

MEDIUM 6.5

Go

CVE-2026-33283

Ella Core panics on malformed ULNASTransport Message without a Request Type

Mar 19, 2026

MEDIUM 6.5

Go

CVE-2026-33281

Ella Core panics on invalid PDU Session IDs in NGAP messages

Mar 19, 2026

UNKNOWN

Go

CVE-2026-33283

Ella Core panics on malformed ULNASTransport Message without a Request Type in github.com/ellanetworks/core

Mar 23, 2026

UNKNOWN

Go

CVE-2026-33281

Ella Core panics on invalid PDU Session IDs in NGAP messages in github.com/ellanetworks/core

Mar 23, 2026

UNKNOWN

Go

CVE-2026-33282

Ella Core panics on malformed NGAP Location Report in github.com/ellanetworks/core

Mar 23, 2026

HIGH 7.5

Go

CVE-2026-32319

Ella Core vulnerable to Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload

Mar 12, 2026

MEDIUM 6.5

Go

CVE-2026-32320

Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings

Mar 12, 2026

UNKNOWN

Go

CVE-2026-32319

Ella Core vulnerable to Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload in github.com/ellanetworks/core

Mar 13, 2026

UNKNOWN

Go

CVE-2026-32320

Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings in github.com/ellanetworks/core

Mar 13, 2026

github.com/ellanetworks/core

Vulnerabilities

Ella Core Vulnerable to UE Downlink Redirection via Forged PDUSessionResourceSetupResponse

Ella Core has a UE Security Capability bypass on NGAP PathSwitchRequest

Ella Core has handover failures during concurrent Security Mode Command

Ella Core Panics Upon NGAP handover failure

Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber

Ella Core has Privilege Escalation via Database Restore by NetworkManager role

Ella Core Panics during NAS Authentication Response/Failure with missing IEs

Ella Core has a Denial of Service via SCTP connection cleanup deadlock

Ella Core has Privilege Escalation via Database Restore by NetworkManager role in github.com/ellanetworks/core

Ella Core has a Denial of Service via SCTP connection cleanup deadlock in github.com/ellanetworks/core

Ella Core Panics during NAS Authentication Response/Failure with missing IEs in github.com/ellanetworks/core

Ella Core panics when processing a crafted NGAP LocationReport message

Ella Core panics when processing a crafted NGAP LocationReport message in github.com/ellanetworks/core

Ella Core panics on malformed NGAP Location Report

Ella Core panics on malformed ULNASTransport Message without a Request Type

Ella Core panics on invalid PDU Session IDs in NGAP messages

Ella Core panics on malformed ULNASTransport Message without a Request Type in github.com/ellanetworks/core

Ella Core panics on invalid PDU Session IDs in NGAP messages in github.com/ellanetworks/core

Ella Core panics on malformed NGAP Location Report in github.com/ellanetworks/core

Ella Core vulnerable to Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload

Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings

Ella Core vulnerable to Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload in github.com/ellanetworks/core

Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings in github.com/ellanetworks/core

Start Securing