{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34761", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T19:17:10.225Z", "datePublished": "2026-04-02T19:03:05.307Z", "dateUpdated": "2026-04-03T15:43:40.050Z"}, "containers": {"cna": {"title": "Ella Core Panics Upon NGAP handover failure", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ellanetworks/core/security/advisories/GHSA-6gm8-3g4h-w82m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-6gm8-3g4h-w82m"}, {"name": "https://github.com/ellanetworks/core/releases/tag/v1.8.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/ellanetworks/core/releases/tag/v1.8.0"}], "affected": [{"vendor": "ellanetworks", "product": "core", "versions": [{"version": "< 1.8.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T19:03:05.307Z"}, "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service disruption for all connected subscribers. This issue has been patched in version 1.8.0."}], "source": {"advisory": "GHSA-6gm8-3g4h-w82m", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T15:42:35.859554Z", "id": "CVE-2026-34761", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T15:43:40.050Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34761", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T15:42:35.859554Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T15:43:34.738Z"}}], "cna": {"title": "Ella Core Panics Upon NGAP handover failure", "source": {"advisory": "GHSA-6gm8-3g4h-w82m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ellanetworks", "product": "core", "versions": [{"status": "affected", "version": "< 1.8.0"}]}], "references": [{"url": "https://github.com/ellanetworks/core/security/advisories/GHSA-6gm8-3g4h-w82m", "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-6gm8-3g4h-w82m", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ellanetworks/core/releases/tag/v1.8.0", "name": "https://github.com/ellanetworks/core/releases/tag/v1.8.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service disruption for all connected subscribers. This issue has been patched in version 1.8.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T19:03:05.307Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34761", "state": "PUBLISHED", "dateUpdated": "2026-04-03T15:43:40.050Z", "dateReserved": "2026-03-30T19:17:10.225Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-02T19:03:05.307Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service disruption for all connected subscribers. This issue has been patched in version 1.8.0."}], "id": "CVE-2026-34761", "lastModified": "2026-04-03T16:10:23.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T20:16:25.747", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ellanetworks/core/releases/tag/v1.8.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-6gm8-3g4h-w82m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.8.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "core", "source": "cna", "vendor": "ellanetworks"}, "product": "core", "vendor": "ellanetworks"}], "analysis": {"en": {"generated_at": "2026-04-02T22:20:42.623281+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch to version 1.8.0 or newer.", "Restart the Ella Core service after patching to ensure the update takes effect.", "Verify that the running version reflects the patch.", "Monitor logs for NGAP handover failure messages to detect any exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Ella Core 5G core developed by ellanetworks, specifically versions prior to 1.8.0. A patch is available in version 1.8.0 and later, which fixes the crash.", "description_and_impact": "Ella Core panics when processing a NGAP handover failure message, causing the process to crash and resulting in service disruption for all connected subscribers. The underlying weakness is a null pointer dereference identified as CWE-476.", "risk_and_exploitability": "The vulnerability has a CVSS score of 5.8, indicating moderate severity. EPSS information is not available and the issue is not listed in the CISA KEV catalog. Attackers would need to manipulate a gNodeB to send NGAP handover failure messages to the core, so the likely attack vector is the NGAP interface between gNodeB and core. This requirement infers that the attack may be feasible in environments where the attacker has influence over a gNodeB or can intercept NGAP traffic."}}}}, "created": "2026-04-03T07:31:33.075113+00:00", "updated": "2026-04-03T09:16:29.296004+00:00", "vendors": ["ellanetworks", "ellanetworks$PRODUCT$core"]}