CVE-2026-44474

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending and vice versa. Concurrent...

CVE-2026-42082 free5GC: Missing Concurrent NAS SMC Validation During NGAP Handover

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command,...

PT-2026-29708

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.8.0 Description Ella Core experiences a panic when processing a NGAP handover failure message. An attacker capable of triggering a gNodeB to send NGAP handover failure messages to Ella Core can cause a process...

CVE-2022-33250

Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover...

Design/Logic Flaw

Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover...