CVEReports
© 2026 CVEReports. All rights reserved.


CVE-2026-32319: Unauthenticated Denial of Service in Ella Core AMF via Malformed NAS Messages

Amit Schendel
Senior Security Researcher

Mar 12, 2026 · 6 min read

Executive Summary (TL;DR)

An out-of-bounds read in Ella Core's AMF allows unauthenticated attackers to crash the 5G core by sending undersized NAS messages over the N2 interface.

CVE-2026-32319 is a high-severity unauthenticated Denial of Service (DoS) vulnerability in the Ella Core 5G network implementation. The Access and Mobility Management Function (AMF) fails to validate the length of integrity-protected Non-Access Stratum (NAS) messages before performing slice operations. This out-of-bounds read leads to a runtime panic, resulting in process termination and complete service disruption for all subscribers.

Vulnerability Overview

Ella Core is a 5G core network implementation designed for private network deployments. The architecture relies on the Access and Mobility Management Function (AMF) to handle connection and mobility management tasks for User Equipment (UE). The AMF acts as the primary control plane entry point for UEs communicating over the N2 interface via the Next Generation Application Protocol (NGAP).

The vulnerability exists in the AMF's handling of Non-Access Stratum (NAS) messages encapsulated within NGAP InitialUEMessage structures. When processing incoming traffic, the AMF must parse the NAS Protocol Data Unit (NAS-PDU) to establish the UE context. The parsing logic attempts to determine if the payload utilizes integrity protection by inspecting the security header type.

Due to insufficient length validation prior to array slicing operations, the software is vulnerable to an Out-of-bounds Read (CWE-125). An unauthenticated attacker with network reachability to the N2 interface can exploit this flaw to trigger a Go runtime panic. The resulting panic immediately terminates the AMF process, severing connectivity for all attached UEs and causing a complete denial of service across the 5G core network.

Technical Root Cause Analysis

The root cause of CVE-2026-32319 lies in the deterministic runtime behavior of the Go programming language when handling invalid slice indices. The vulnerability is located within the fetchUeContextWithMobileIdentity function in the internal/amf/nas/handler.go file. When an incoming NAS message is processed, the code evaluates the first few bytes to determine the SecurityHeaderType.

If the header type indicates SecurityHeaderTypeIntegrityProtected (byte value 0x01), the implementation assumes the presence of a standard 7-byte security header. This header typically contains the Protocol Discriminator, Security Header Type, Message Authentication Code (MAC), and Sequence Number. To process the inner plaintext message, the function attempts to strip this header by slicing the payload byte array starting from index 7.

The implementation executes the statement p := payload[7:] without verifying that the payload slice contains at least 7 bytes. If an attacker submits a crafted NAS-PDU with a total length of less than 7 bytes, the Go runtime detects the out-of-bounds index and raises an unrecoverable panic. Because this occurs within the main unauthenticated message processing loop, the panic propagates to the top of the goroutine and crashes the entire AMF binary.

> [!NOTE]
> Go's memory safety mechanisms prevent this out-of-bounds read from achieving code execution, but the deterministic panic provides a highly reliable vector for Denial of Service.

Code Analysis and Patch Review

Analyzing the vulnerable code path clarifies the exact mechanism of the crash. Prior to version 1.5.1, the AMF blindly trusted the structure of integrity-protected messages. The code extracted the payload and immediately performed a slice operation based on assumed header boundaries.

// Vulnerable code in internal/amf/nas/handler.go
case nas.SecurityHeaderTypeIntegrityProtected:
    p := payload[7:] // PANIC: triggers if len(payload) < 7
    if err := msg.PlainNasDecode(&p); err != nil {
        return nil, fmt.Errorf("error decoding plain nas: %+v", err)
    }

The remediation implemented in commit 722e79f69b1edc689693416c475da9c2b56c25bd introduces an explicit bounds check before the slice operation occurs. The patched function validates the length of the payload byte slice. If the length is insufficient to contain the mandatory 7-byte header, the function returns a formatted error instead of panicking.

// Fixed code in internal/amf/nas/handler.go
case nas.SecurityHeaderTypeIntegrityProtected:
    if len(payload) < 7 {
        return nil, fmt.Errorf("integrity-protected nas payload is too short")
    }
    p := payload[7:]

The vendor advisory also notes concurrent stability fixes applied to the 1.5.1 release. These include protections against empty bitstrings in NGAP PathSwitchRequest structures (commit 1e404ee1c9b6adadec934fc4c8638a506fc713b2) and nil pointer dereferences in the User Plane Function (UPF). The presence of multiple input validation failures indicates a broader pattern of fragile parsing logic within the Ella Core application prior to version 1.5.1.

Exploitation Methodology

Exploitation of CVE-2026-32319 requires no authentication and minimal network configuration. The attacker must possess network reachability to the AMF over the N2 interface. This access typically requires the attacker to be on the same management or signaling network segment as the core infrastructure, or to have compromised a connected base station (gNodeB).

The attack payload consists of a deliberately malformed NGAP InitialUEMessage. Within this message, the attacker populates the NAS-PDU Information Element (IE) with an undersized byte array. The minimal viable payload requires only two bytes to trigger the vulnerable code path: 0x7e and 0x01.

The first byte (0x7e) represents the 5GS Mobility Management Protocol Discriminator, instructing the AMF to route the payload to the NAS mobility management handler. The second byte (0x01) sets the Security Header Type to "Integrity Protected". The AMF parses these two bytes, correctly identifies the message type, and executes the slice operation on the 2-byte array. The out-of-bounds slice attempt instantly crashes the service.

Impact Assessment

The vulnerability carries a CVSS 3.1 base score of 7.5 (High), reflecting the ease of exploitation and the severe impact on availability. The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates a network-based attack with low complexity and no user interaction requirements. The confidentiality and integrity of the system remain uncompromised due to the nature of the runtime panic.

The operational impact of successful exploitation is a complete denial of service for the affected 5G private network. When the AMF process terminates, the core loses all active UE contexts and mobility management capabilities. Existing data sessions may stall or terminate, and no new devices can attach to the network.

Restoring service requires restarting the AMF component. If the core infrastructure lacks automated process supervision or self-healing mechanisms, the outage persists until manual administrative intervention occurs. Continuous exploitation by an attacker transmitting the 2-byte payload in a loop creates a persistent denial of service condition, rendering the 5G network entirely unusable.

Remediation and Detection Guidance

The primary remediation for CVE-2026-32319 is upgrading Ella Core to version 1.5.1. This release incorporates the mandatory bounds checks in the NAS message handler, as well as secondary stability improvements in the NGAP and UPF components. Organizations operating Ella Core 1.5.0 or earlier should prioritize this update to ensure continuous availability of their 5G services.

Network detection of exploitation attempts requires monitoring traffic on the N2 interface. Intrusion detection systems should inspect NGAP InitialUEMessage packets. A detection rule should flag any packet containing a NAS-PDU Information Element smaller than 7 bytes where the payload begins with 0x7e and 0x01. This precise signature accurately identifies the proof-of-concept payload.

Host-based detection relies on application log analysis. System administrators should monitor the AMF service logs for process crashes. The specific indicator of compromise is a Go panic trace containing the string slice bounds out of range originating from the internal/amf/nas/handler.go file. Recurring log entries of this type strongly indicate active exploitation attempts against an unpatched core.
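As an added example (not Ella Core's own code), the following Go program puts the patched bounds check from the fix above and the N2 detection signature from the guidance above side by side; the constant and function names are assumptions, and the sample payload is the 2-byte NAS-PDU the report describes.

```go
package main

import (
	"errors"
	"fmt"
)

// 5G NAS constants from the report (names assumed, not Ella Core identifiers).
const (
	epd5GMM                  = 0x7e // 5GS Mobility Management protocol discriminator
	secHdrPlain              = 0x00 // plain NAS message, no security header
	secHdrIntegrityProtected = 0x01 // integrity protected: the vulnerable branch
	securityHeaderLen        = 7    // EPD + SHT + 4-byte MAC + 1-byte sequence number
)

var ErrPayloadTooShort = errors.New("integrity-protected nas payload is too short")

// StripSecurityHeader reproduces the patched bounds check: it returns the inner
// plain NAS message, or an error instead of a panic when the payload is too
// short to hold the 7-byte security header. Before 1.5.1 this was payload[7:].
func StripSecurityHeader(payload []byte) ([]byte, error) {
	if len(payload) < 2 {
		return nil, errors.New("nas payload shorter than the 2-byte header")
	}
	switch payload[1] { // upper nibble of octet 2 is spare (zero) per TS 24.501
	case secHdrPlain:
		return payload, nil
	case secHdrIntegrityProtected:
		if len(payload) < securityHeaderLen {
			return nil, ErrPayloadTooShort
		}
		return payload[securityHeaderLen:], nil
	default:
		return nil, fmt.Errorf("unsupported security header type 0x%02x", payload[1])
	}
}

// MatchesCVE202632319 is the N2 detection signature from the report: a NAS-PDU
// that claims integrity protection but is too short to carry the header.
func MatchesCVE202632319(nasPDU []byte) bool {
	return len(nasPDU) >= 2 && len(nasPDU) < securityHeaderLen &&
		nasPDU[0] == epd5GMM && nasPDU[1] == secHdrIntegrityProtected
}

func main() {
	poc := []byte{0x7e, 0x01} // constructed: the 2-byte crash trigger from the report
	_, err := StripSecurityHeader(poc)
	fmt.Printf("err=%v alert=%v\n", err, MatchesCVE202632319(poc))
}
```

Run against a capture of N2 NAS-PDUs, MatchesCVE202632319 returning true for a well-formed message is a false positive by construction: any payload that passes StripSecurityHeader is at least 7 bytes long.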

Official Patches

  • Ella Networks: Official Security Advisory
  • Ella Networks: v1.5.1 Release Notes


Technical Appendix

CVSS Score
7.5 / 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

  • Ella Core AMF
  • Ella Core UPF (secondary affected component prior to 1.5.1)

Affected Versions Detail

Product: Ella Core (Ella Networks)
Affected Versions: < 1.5.1
Fixed Version: 1.5.1

CWE ID: CWE-125: Out-of-bounds Read
Attack Vector: Network (AV:N)
CVSS Score: 7.5 (High)
Impact: Denial of Service (Process Crash)
Exploit Status: Proof-of-Concept
Authentication Required: None

MITRE ATT&CK Mapping

  • T1499.004 Endpoint Denial of Service: Application or System Exploitation (Impact)
  • T1005 Data from Local System (Collection)

CWE-125: Out-of-bounds Read

Known Exploits & Detection

Advisory / Fix Commit: Information required to generate a PoC (2-byte NAS-PDU) is present in the fix commit analysis.

Vulnerability Timeline

2026-03-09: Initial cleanup of REST API and RBAC (Commit b05a556)
2026-03-11: Stability fixes for UPF eBPF map handling and FAR/QER embedding (Commits 200392f, 1944bf0)
2026-03-12: Direct fix for undersized NAS payload (Commit 722e79f)
2026-03-12: Secondary fix for NGAP PathSwitchRequest panic (Commit 1e404ee)
2026-03-12: Version 1.5.1 released and security advisory GHSA-m9pm-w3gv-c68f published

References & Sources

  • [1] GitHub Security Advisory GHSA-m9pm-w3gv-c68f
  • [2] Commit 722e79f: Direct fix for undersized NAS payload
  • [3] Commit 1e404ee: Secondary fix for NGAP PathSwitchRequest panic
  • [4] Ella Core v1.5.1 Release
