CVE-2026-33282 | THREATINT

Description

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling.

PUBLISHED Reserved 2026-03-18 | Published 2026-03-23 | Updated 2026-03-25 | Assigner GitHub_M

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-476: NULL Pointer Dereference

Product status

< 1.6.0

affected

References

github.com/...s/core/security/advisories/GHSA-826q-wrq4-p23x

cve.org (CVE-2026-33282)

nvd.nist.gov (CVE-2026-33282)

Download JSON