CVE-2026-32320 is a vulnerability classified as CWE-125 (Out-of-bounds Read) affecting Ella Core, a 5G core network product used primarily in private 5G deployments. The flaw exists in versions prior to 1.5.1, where the core improperly handles PathSwitchRequest NGAP messages containing UE Security Capabilities fields with zero-length bitstrings for NR encryption or integrity protection algorithms. When such a malformed message is processed, the core attempts to read beyond the allocated buffer boundaries, triggering a panic and crashing the core process. This results in a denial of service (DoS) condition that disrupts connectivity for all subscribers relying on the affected core. The attack vector is network-based (AV:N), requiring low attack complexity (AC:L) and no user interaction (UI:N). While privileges are required (PR:L), no authentication is needed, meaning an attacker with network access to the NGAP interface can exploit this vulnerability. The vulnerability does not impact confidentiality or integrity but severely affects availability. No known exploits have been reported in the wild as of the publication date. The issue is resolved in version 1.5.1 of Ella Core, and users are advised to upgrade promptly to mitigate the risk.

The primary impact of this vulnerability is a denial of service affecting availability. Organizations using vulnerable versions of Ella Core in their private 5G networks may experience unexpected core crashes, leading to service outages for all connected user equipment. This can disrupt critical communications, especially in industrial, enterprise, or specialized private network environments relying on 5G for operational continuity. The lack of confidentiality or integrity impact limits the scope to availability, but the ease of exploitation without authentication and the potential for widespread disruption in a core network component elevates the operational risk. Downtime in private 5G networks can affect manufacturing, logistics, healthcare, and other sectors increasingly dependent on reliable low-latency wireless connectivity. Additionally, the vulnerability could be leveraged as part of a larger attack chain to degrade network reliability or cause cascading failures in dependent systems.

Organizations should immediately upgrade Ella Core to version 1.5.1 or later, where the vulnerability is fixed. Until the upgrade is applied, network administrators should restrict access to the NGAP interface to trusted entities only, implementing strict network segmentation and firewall rules to limit exposure to potentially malicious actors. Monitoring NGAP traffic for anomalous or malformed PathSwitchRequest messages can help detect exploitation attempts. Deploying intrusion detection or prevention systems with custom signatures targeting zero-length UE Security Capabilities bitstrings may provide additional protection. Regularly auditing and validating 5G core configurations and applying vendor security advisories promptly will reduce risk. Additionally, organizations should have incident response plans to quickly recover from core crashes and minimize downtime. Given the low complexity of exploitation, proactive patch management is the most effective mitigation.