CVE-2026-44475

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with arbitrary values by sending a single crafted PathSwitchRequest. This vulnerability is fixed in 1.10.0.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://github.com/ellanetworks/core/security/advisories/GHSA-pwfh-mqp3-pqwj

Configurations

No configuration.

History

27 May 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-27 17:16

Updated : 2026-05-27 20:03

NVD link : CVE-2026-44475

Mitre link : CVE-2026-44475

CVE.ORG link : CVE-2026-44475

JSON object : View

Products Affected

No product.

CWE

CWE-358

Improperly Implemented Security Check for Standard

6.1 /10