GHSA-mc29-hmx6-856q

Source
https://github.com/advisories/GHSA-mc29-hmx6-856q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-mc29-hmx6-856q/GHSA-mc29-hmx6-856q.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mc29-hmx6-856q
Aliases
  • CVE-2026-44474
Published
2026-05-11T15:29:41Z
Modified
2026-05-11T15:46:53.506504Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Summary
Ella Core has handover failures during concurrent Security Mode Command
Details

Summary

Ella Core did not enforce the rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1: it could send a NAS Security Mode Command while an N2 handover was still pending (and vice versa).

Impact

A concurrent Security Mode Command and N2 handover produce a KgNB mismatch between the UE and the target gNB, causing the handover to fail. Triggering this requires a stalled gNB plus a re-registration race.

Fix

Ella Core now enforces both rules from §6.9.5.1, blocking concurrent Security Mode Command and N2 handover procedures.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-11T15:29:41Z",
    "cwe_ids": [
        "CWE-358"
    ],
    "severity": "LOW",
    "nvd_published_at": null
}

Affected packages

Go / github.com/ellanetworks/core

Package

Name
github.com/ellanetworks/core
Purl
pkg:golang/github.com/ellanetworks/core

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.10.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-mc29-hmx6-856q/GHSA-mc29-hmx6-856q.json"