Description
Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version 1.7.0 adds guards in NGAP Location Report handler.
Published: 2026-03-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply patch
AI Analysis

Impact

Ella Core, a 5G core system for private networks, contains a bug that causes the application to panic when it processes a specially crafted NGAP LocationReport message. The vulnerability is a NULL pointer dereference (CWE‑476) that terminates the core process, thereby interrupting all services for connected subscribers. The crash results in a service disruption without providing any means of remote code execution or data exfiltration.

Affected Systems

All releases of Ella Networks Core older than version 1.7.0 are affected. The problem resides in the core product shipped by Ella Networks and is specific to the NGAP LocationReport handler in these firmware versions.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The attack requires the ability to send crafted NGAP messages to the core, which typically means access to the network interface handling NGAP traffic. An attacker with network connectivity to the core or a compromised internal node could exploit this flaw, causing a denial of service for all subscribers.

Generated by OpenCVE AI on March 28, 2026 at 05:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ella Core to version 1.7.0 or later, which adds guard checks to the NGAP Location Report handler.

Generated by OpenCVE AI on March 28, 2026 at 05:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-f2f3-9cx3-wcmf Ella Core panics when processing a crafted NGAP LocationReport message
History

Mon, 20 Apr 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Ellanetworks ella Core
CPEs cpe:2.3:a:ellanetworks:ella_core:*:*:*:*:*:*:*:*
Vendors & Products Ellanetworks ella Core

Mon, 30 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Ellanetworks
Ellanetworks core
Vendors & Products Ellanetworks
Ellanetworks core

Sat, 28 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Description Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version 1.7.0 adds guards in NGAP Location Report handler.
Title Ella Core panics when processing a crafted NGAP LocationReport message
Weaknesses CWE-476
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Ellanetworks Core Ella Core
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-30T15:42:36.950Z

Reserved: 2026-03-24T15:41:47.491Z

Link: CVE-2026-33903

cve-icon Vulnrichment

Updated: 2026-03-30T15:42:32.958Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-27T21:17:26.477

Modified: 2026-04-20T12:29:28.713

Link: CVE-2026-33903

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T07:00:15Z

Weaknesses