{"id":"GHSA-mc29-hmx6-856q","summary":"Ella Core has handover failures during concurrent Security Mode Command","details":"## Summary\n\nElla Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending (and vice versa).\n\n## Impact\n\nConcurrent Security Mode Command and N2 handover produce a KgNB mismatch between the UE and target gNB, causing the handover to fail. Requires a stalled gNB + re-registration race to trigger.\n\n## Fix\n\nElla Core now enforces both rules from §6.9.5.1, blocking concurrent Security Mode Command and N2 handover procedures.","aliases":["CVE-2026-44474"],"modified":"2026-05-11T15:46:53.506504Z","published":"2026-05-11T15:29:41Z","database_specific":{"github_reviewed_at":"2026-05-11T15:29:41Z","github_reviewed":true,"cwe_ids":["CWE-358"],"nvd_published_at":null,"severity":"LOW"},"references":[{"type":"WEB","url":"https://github.com/ellanetworks/core/security/advisories/GHSA-mc29-hmx6-856q"},{"type":"PACKAGE","url":"https://github.com/ellanetworks/core"}],"affected":[{"package":{"name":"github.com/ellanetworks/core","ecosystem":"Go","purl":"pkg:golang/github.com/ellanetworks/core"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.10.0"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-mc29-hmx6-856q/GHSA-mc29-hmx6-856q.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L"}]}