CVE-2026-44474

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending and vice versa. Concurrent...

CVE-2026-42082

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command,...

CVE-2026-42082 free5GC: Missing Concurrent NAS SMC Validation During NGAP Handover

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command,...

CVE-2026-42082

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command,...

EUVD-2026-32556

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command,...

free5GC 安全特征问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security feature vulnerabilities. These vulnerabilities stemmed from AMF not implementing the concurrent security procedures defined in 3GPP TS 33.501, which could lead to...

Ella Core has handover failures during concurrent Security Mode Command

Summary Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending and vice versa. Impact Concurrent Security Mode Command and N2 handover produce a KgNB...

PT-2026-39668

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.10.0 Description Ella Core fails to enforce security rules regarding the concurrent execution of security procedures. Specifically, the system may send a NAS Security Mode Command while an N2 handover is still...

PT-2026-38367

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Access and Mobility Management Function AMF in free5GC fails to enforce concurrent security procedure rules. Specifically, the AMF does not verify if an N2 handover procedure is ongoing before...