CVE-2026-44474: Ella Core has handover failures during concurrent Security Mode Command

May 11, 2026 (updated June 8, 2026)

Ella Core didn’t enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending (and vice versa).

References

github.com/advisories/GHSA-mc29-hmx6-856q
github.com/ellanetworks/core/security/advisories/GHSA-mc29-hmx6-856q
nvd.nist.gov/vuln/detail/CVE-2026-44474

Code Behaviors & Features

Detect and mitigate CVE-2026-44474 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →