CVE-2026-44474: CWE-358: Improperly Implemented Security Check for Standard in ellanetworks core
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending (and vice versa). Concurrent Security Mode Command and N2 handover produce a KgNB mismatch between the UE and target gNB, causing the handover to fail. Requires a stalled gNB + re-registration race to trigger. This vulnerability is fixed in 1.10.0.
AI Analysis
Technical Summary
Ella Core versions before 1.10.0 do not properly enforce security rules on concurrent running of security procedures as defined in TS 33.501 §6.9.5.1. This allows a NAS Security Mode Command to be sent while an N2 handover is still pending, causing a KgNB mismatch between the UE and the target gNB. This mismatch results in handover failure. Exploitation requires a stalled gNB and a re-registration race condition. The vulnerability is addressed in version 1.10.0.
Potential Impact
The vulnerability can cause handover failures in the 5G private network by creating a KgNB mismatch between the UE and target gNB. This impacts availability by disrupting ongoing handovers. There is no impact on confidentiality and only limited impact on integrity. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade Ella Core to version 1.10.0 or later, where this vulnerability is fixed. Since the vendor has released a fixed version, applying this official update is the recommended remediation. Patch status is confirmed by the vendor's versioning information.
CVE-2026-44474: CWE-358: Improperly Implemented Security Check for Standard in ellanetworks core
Description
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending (and vice versa). Concurrent Security Mode Command and N2 handover produce a KgNB mismatch between the UE and target gNB, causing the handover to fail. Requires a stalled gNB + re-registration race to trigger. This vulnerability is fixed in 1.10.0.
CVSS v3.1
Score 3.7low
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Ella Core versions before 1.10.0 do not properly enforce security rules on concurrent running of security procedures as defined in TS 33.501 §6.9.5.1. This allows a NAS Security Mode Command to be sent while an N2 handover is still pending, causing a KgNB mismatch between the UE and the target gNB. This mismatch results in handover failure. Exploitation requires a stalled gNB and a re-registration race condition. The vulnerability is addressed in version 1.10.0.
Potential Impact
The vulnerability can cause handover failures in the 5G private network by creating a KgNB mismatch between the UE and target gNB. This impacts availability by disrupting ongoing handovers. There is no impact on confidentiality and only limited impact on integrity. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade Ella Core to version 1.10.0 or later, where this vulnerability is fixed. Since the vendor has released a fixed version, applying this official update is the recommended remediation. Patch status is confirmed by the vendor's versioning information.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-06T17:18:51.782Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a171ce4e29bf47b50d1de3e
Added to database: 5/27/2026, 4:33:40 PM
Last enriched: 5/27/2026, 4:49:27 PM
Last updated: 5/27/2026, 8:19:58 PM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.