Description
Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS messages with missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.7.0 added IE presence verification to NAS message handling.
Published: 2026-03-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

Ella Core is a private‑network 5G core that crashes when it receives an Authentication Response or Authentication Failure NAS message lacking required Information Elements. The crash occurs due to a null pointer dereference, which causes the authentication service to panic and terminate, leading to a full service outage for all connected subscribers. The vulnerability provides attackers a way to disrupt network availability, but does not affect confidentiality or integrity. The weakness is a classic null pointer dereference (CWE‑476).

Affected Systems

This flaw impacts all Ella Networks Ella Core installations running any version older than 1.7.0. Those operators that rely on the affected core stack in their private 5G infrastructure are therefore exposed, as the vulnerable code resides in the core NAS message handling component.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity level. No authentication is required; an attacker only needs the ability to send crafted NAS messages to the core. Based on the description, the likely attack vector is from a network device that can reach the NAS interface, making the vulnerability feasible for nearby adversaries. The EPSS score is not available and the issue is not listed in CISA’s KEV catalog, suggesting no documented broad exploitation, yet the ease of triggering a crash and its global impact on subscribers keep the risk high for operators.

Generated by OpenCVE AI on March 28, 2026 at 05:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ella Core to version 1.7.0 or later, which adds Information Element presence verification to NAS message handling.


Advisories
Source: Github GHSA
ID: GHSA-55q8-2gwx-29pc
Title: Ella Core Panics during NAS Authentication Response/Failure with missing IEs

History

Mon, 20 Apr 2026 12:45:00 +0000

Values Added:

  • First Time appeared: Ellanetworks ella Core
  • CPEs: cpe:2.3:a:ellanetworks:ella_core:*:*:*:*:*:*:*:*
  • Vendors & Products: Ellanetworks ella Core

Mon, 30 Mar 2026 19:15:00 +0000

Values Added:

  • Metrics ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 30 Mar 2026 07:15:00 +0000

Values Added:

  • First Time appeared: Ellanetworks, Ellanetworks core
  • Vendors & Products: Ellanetworks, Ellanetworks core

Sat, 28 Mar 2026 03:15:00 +0000

Values Added:

  • Description: Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.7.0 added IE presence verification to NAS message handling.
  • Title: Ella Core Panics during NAS Authentication Response/Failure with missing IEs
  • Weaknesses: CWE-476
  • References
  • Metrics cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-03-30T18:53:12.138Z
Reserved: 2026-03-24T15:41:47.491Z
Link: CVE-2026-33907

Vulnrichment

Updated: 2026-03-30T18:53:09.323Z

NVD

Status: Analyzed
Published: 2026-03-27T21:17:27.003
Modified: 2026-04-20T12:32:36.940
Link: CVE-2026-33907

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T07:00:12Z

Weaknesses