CVE-2026-32320 is a medium-severity vulnerability classified as CWE-125 (Out-of-bounds Read) found in Ella Core, a 5G core network product developed by ellanetworks for private 5G deployments. The vulnerability arises when the core processes a PathSwitchRequest NGAP message containing UE Security Capabilities fields with zero-length bitstrings for NR encryption or integrity protection algorithms. This malformed input causes the core to perform an out-of-bounds read, leading to a panic and crash of the core process. Since the core handles subscriber sessions, this crash results in a denial of service affecting all connected subscribers. The vulnerability can be exploited remotely by an attacker capable of sending crafted NGAP messages to the core, without requiring authentication or user interaction. The affected versions are all releases prior to 1.5.1, where the issue has been fixed. The CVSS v3.1 base score is 6.5, reflecting network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, but high availability impact. No public exploits are known at this time, but the ease of triggering a DoS condition on a critical 5G core component makes this a significant risk for private 5G network operators using vulnerable versions.

The primary impact of this vulnerability is a denial of service on the 5G core network component, which can disrupt connectivity for all subscribers connected through the affected Ella Core instance. This can cause service outages in private 5G networks, affecting enterprise operations, industrial automation, or other critical applications relying on continuous 5G connectivity. Since the vulnerability requires no authentication and can be triggered remotely, attackers with network access to the NGAP interface can cause widespread disruption. The loss of availability in a 5G core can have cascading effects on dependent services, potentially impacting operational continuity, safety systems, and business-critical communications. While confidentiality and integrity are not directly impacted, the availability impact alone can be severe for organizations relying on private 5G deployments for mission-critical functions.

Organizations using Ella Core should upgrade to version 1.5.1 or later, where this vulnerability is fixed. Until the upgrade can be performed, network administrators should restrict access to the NGAP interface to trusted and authenticated entities only, using network segmentation, firewall rules, and strict access controls to prevent unauthorized message injection. Monitoring NGAP traffic for anomalous or malformed PathSwitchRequest messages can help detect attempted exploitation. Implementing rate limiting on NGAP message processing may reduce the risk of DoS from repeated exploitation attempts. Additionally, organizations should maintain up-to-date incident response plans for 5G core outages and coordinate with ellanetworks for any patches or advisories. Regular vulnerability scanning and penetration testing focused on 5G core components can help identify and remediate similar issues proactively.