CVE-2026-33282 - Vulnerability Details

- Ella Core panics on malformed NGAP Location Report

Description

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling.

Published: 2026-03-23

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Ellanetworks Core is a 5G core for private networks. A flaw in the NGAP LocationReport parsing causes a panic when an attacker sends a malformed message that includes the event type "ue-presence-in-area-of-interest" but omits the optional "UEPresenceInAreaOfInterestList" information element. The panic terminates the core process, leading to a complete drop of all functionalities for connected subscribers. The weakness is a null pointer dereference (CWE-476) that triggers a denial of service.

Affected Systems

The issue is limited to Ellanetworks Core versions before 1.6.0. Any deployment of the core software that has not been upgraded to 1.6.0 or later is vulnerable. The affected component is the NGAP message handler in the core network stack.

Risk and Exploitability

With a CVSS score of 7.5 the vulnerability is considered high severity, yet the EPSS score of less than 1% indicates a low likelihood of immediate exploitation. The vulnerability is not cataloged in CISA’s KEV list, and no authentication is required to trigger the crash, so remote attackers could abuse it over the air interface. The patch introduced explicit IE presence verification, eliminating the crash path.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

ellanetworks

core

affected

Version	Status	Constraints
`< 1.6.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:ellanetworks:ella_core:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Ellanetworks

Core

100%

Version	Status	Scheme	Platform
`[0,1.6.0)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Ellanetworks Core to version 1.6.0 or later.
Verify that the core process is running after the upgrade and monitor for crash-related logs.
If an upgrade cannot be applied immediately, restrict NGAP traffic to trusted routers or use a firewall to block malformed messages as a temporary measure.

Generated by OpenCVE AI on March 24, 2026 at 20:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-826q-wrq4-p23x	Ella Core panics on malformed NGAP Location Report

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00025.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x

History

Wed, 25 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 24 Mar 2026 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ellanetworks ella Core
CPEs		cpe:2.3:a:ellanetworks:ella_core::::::::
Vendors & Products		Ellanetworks ella Core

Tue, 24 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ellanetworks Ellanetworks core
Vendors & Products		Ellanetworks Ellanetworks core

Tue, 24 Mar 2026 02:30:00 +0000

Type	Values Removed	Values Added
Description		Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling.
Title		Ella Core panics on malformed NGAP Location Report
Weaknesses		CWE-476
References		https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Subscriptions

Ellanetworks Core Ella Core

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-03-23T23:47:26.483Z

Updated: 2026-03-25T19:25:14.461Z

Reserved: 2026-03-18T18:55:47.425Z

Link: CVE-2026-33282

Vulnrichment

Updated: 2026-03-25T19:25:00.612Z

NVD

Status : Analyzed

Published: 2026-03-24T00:16:30.370

Modified: 2026-03-24T19:31:44.117

Link: CVE-2026-33282

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T21:27:51Z

Weaknesses

CWE-476

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object