CVE-2026-44475: CWE-358: Improperly Implemented Security Check for Standard in ellanetworks core
Ella Core versions prior to 1.10.0 contain a vulnerability where the UE Security Capabilities received in NGAP PathSwitchRequest messages are not properly verified against locally stored values. This allows a malicious gNB to overwrite stored UE security capabilities with arbitrary values by sending a crafted PathSwitchRequest message. The issue is fixed in version 1.10.0. The vulnerability has a CVSS score of 6.1, indicating medium severity.
AI Analysis
Technical Summary
CVE-2026-44475 affects Ella Core, a 5G core product by ellanetworks used in private networks. Before version 1.10.0, the product fails to verify UE Security Capabilities in NGAP PathSwitchRequest messages against its local records. This improper security check (CWE-358) enables a malicious gNB to overwrite the stored UE security capabilities for any UE by sending a single crafted PathSwitchRequest. This could impact the integrity and availability of the affected system. The vulnerability is resolved in version 1.10.0.
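One way to express the missing check, as an added Go example that is not Ella Core's code: the capabilities reported in a PathSwitchRequest are compared with the stored copy, the stored copy is never overwritten, and a mismatch is logged and answered with the stored value, as 3GPP TS 33.501 specifies for Xn handover. All type and function names and the sample values are hypothetical.

```go
package main

import "fmt"

// UESecCaps is a simplified, hypothetical stand-in for the NGAP
// UE Security Capabilities IE: one algorithm bitmap per family.
type UESecCaps struct {
	NREncryption, NRIntegrity, EUTRAEncryption, EUTRAIntegrity uint16
}

// UEContext is a hypothetical per-UE record held by the core.
type UEContext struct {
	ID   string
	Caps UESecCaps // learned from the UE's own NAS signalling
}

// overwriteFromGNB models the flaw the advisory describes: the value
// reported by the gNB replaces the stored one without any comparison.
func overwriteFromGNB(ue *UEContext, received UESecCaps) {
	ue.Caps = received
}

// CheckPathSwitchCaps is the hardened form. The stored value is never
// modified; a mismatch is reported through alert. The returned
// capabilities are the ones to send back in the acknowledge.
func CheckPathSwitchCaps(ue *UEContext, received UESecCaps, gnb string,
	alert func(string)) (ack UESecCaps, mismatch bool) {
	if received != ue.Caps {
		alert(fmt.Sprintf("PathSwitchRequest from %s: UE %s capabilities %+v differ from stored %+v",
			gnb, ue.ID, received, ue.Caps))
		return ue.Caps, true
	}
	return ue.Caps, false
}

func main() {
	// Constructed sample values, not taken from a real capture.
	stored := UESecCaps{NREncryption: 0xE000, NRIntegrity: 0xE000}
	ue := &UEContext{ID: "ue-constructed-1", Caps: stored}
	reported := UESecCaps{} // all-zero bitmaps reported by the gNB
	ack, mismatch := CheckPathSwitchCaps(ue, reported, "gnb-constructed-1",
		func(m string) { fmt.Println("ALERT:", m) })
	fmt.Println(mismatch, ack == stored, ue.Caps == stored)
}
```

The alert callback is where a deployment would hook its own logging or alarm, so mismatches from a given gNB become visible to operators.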
Potential Impact
An attacker controlling a malicious gNB can overwrite UE security capability data within Ella Core, potentially leading to integrity loss and partial denial of service. The CVSS vector indicates the attack can be performed remotely with low complexity and no privileges or user interaction required, affecting system integrity and availability but not confidentiality.
Mitigation Recommendations
Upgrade Ella Core to version 1.10.0 or later, where this vulnerability is fixed. The vendor advisory confirms the fix in 1.10.0, so applying this official update is the recommended remediation.
CVSS v3.1
Score 6.1 (medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-05-06T17:18:51.782Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a171ce4e29bf47b50d1de41
Added to database: 5/27/2026, 4:33:40 PM
Last enriched: 5/27/2026, 4:49:19 PM
Last updated: 5/27/2026, 6:52:01 PM