CVE-2026-44475

Summary

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with arbitrary values by sending a single crafted PathSwitchRequest. This vulnerability is fixed in 1.10.0.

Affected Software

VendorProductVersion RangeStatus
ellanetworkscore< 1.10.0affected

Weaknesses

  • CWE-358: CWE-358: Improperly Implemented Security Check for Standard

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References