CVE-2026-44474: Ella Core has handover failures during concurrent Security Mode Command

May 11, 2026

Ella Core didn’t enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending (and vice versa).

References

github.com/advisories/GHSA-mc29-hmx6-856q
github.com/ellanetworks/core/security/advisories/GHSA-mc29-hmx6-856q
nvd.nist.gov/vuln/detail/CVE-2026-44474

Code Behaviors & Features

Detect and mitigate CVE-2026-44474 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →