CVE-2026-33282

High CVSS: 7.5

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling.

Vendor

Ellanetworks

Product

Ella Core

CWE

CWE-476

Yayın Tarihi

2026-03-24 00:16:30

Güncelleme

2026-03-24 19:31:44

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-476 Ella Core HIGH Ellanetworks 2026

Referanslar

https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x

Benzer Kayıtlar

Medium

CVE-2026-33281

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with i…

Medium

CVE-2026-33283

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Tra…

High

CVE-2026-32319

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integ…

Medium

CVE-2026-32320

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchReque…