CVE-2026-34761

MEDIUM 5.8

Ella Core Panics Upon NGAP handover failure

CVSS Score

5.8

EPSS Score

0.0%

EPSS Percentile

13th

Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service disruption for all connected subscribers. This issue has been patched in version 1.8.0.

CWE	CWE-476
Vendor	ellanetworks
Product	core
Published	Apr 2, 2026
Last Updated	Apr 3, 2026

Stay Ahead of the Next One

Get instant alerts for ellanetworks core

Be the first to know when new medium vulnerabilities affecting ellanetworks core are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

ellanetworks / core

< 1.8.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/ellanetworks/core/security/advisories/GHSA-6gm8-3g4h-w82m github.com: https://github.com/ellanetworks/core/releases/tag/v1.8.0