CVE-2026-33282
Denial of Service via NGAP Message Panic in Ella Core
Publication date: 2026-03-24
Last updated on: 2026-03-24
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ellanetworks | ella_core | before 1.6.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33282 is a high-severity vulnerability in the Ella Core 5G core software affecting versions prior to 1.6.0. The vulnerability occurs when the software processes a malformed NGAP LocationReport message with the ue-presence-in-area-of-interest event type but omits the optional UEPresenceInAreaOfInterestList Information Element (IE). This omission causes a NULL pointer dereference, leading the Ella Core process to panic and crash.
An attacker can exploit this vulnerability by sending specially crafted NGAP messages without needing any authentication, privileges, or user interaction.
The crash results in a denial of service, disrupting the service for all connected subscribers. The issue was fixed in version 1.6.0 by adding verification for the presence of the IE during NGAP message handling.
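The missing presence check and the kind of verification described above, as an added Go example that is not Ella Core's code: the types, constant and handler names are simplified, assumed stand-ins for a decoded NGAP message, and the sample message is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-ins for decoded NGAP types (assumed names, not Ella Core's).
type UEPresenceList struct{ Items []string }

type LocationReport struct {
	EventType      string          // e.g. "ue-presence-in-area-of-interest"
	UEPresenceList *UEPresenceList // optional IE: nil when the sender omitted it
}

const uePresence = "ue-presence-in-area-of-interest"
var ErrMissingIE = errors.New("LocationReport: UEPresenceInAreaOfInterestList IE missing")

// handleUnchecked uses the optional IE without a presence check (CWE-476 pattern).
func handleUnchecked(r *LocationReport) int {
	if r.EventType == uePresence {
		return len(r.UEPresenceList.Items) // nil dereference when the IE is absent
	}
	return 0
}

// handleChecked rejects the message when the IE the event type relies on is absent.
func handleChecked(r *LocationReport) (int, error) {
	if r.EventType != uePresence {
		return 0, nil
	}
	if r.UEPresenceList == nil {
		return 0, ErrMissingIE
	}
	return len(r.UEPresenceList.Items), nil
}

// panics reports whether f panicked, so the crash is observed without exiting.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	msg := &LocationReport{EventType: uePresence} // constructed sample: IE omitted
	_, err := handleChecked(msg)
	fmt.Println("unchecked panics:", panics(func() { handleUnchecked(msg) }), "checked:", err)
}
```

In a long-running service an unrecovered panic like the first one terminates the whole process, which is why a single message affects every connected subscriber; the checked handler turns the same input into an error that can be logged and dropped.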
How can this vulnerability impact me?
This vulnerability can cause the Ella Core process to crash, resulting in a denial of service.
- Service disruption for all connected subscribers.
- No authentication is required for exploitation, making it easier for attackers to cause outages.
While confidentiality and integrity are not affected, the availability of the 5G core service is severely impacted.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or panics in the Ella Core process when it processes NGAP LocationReport messages with the ue-presence-in-area-of-interest event type.
Specifically, detection involves identifying malformed NGAP messages that omit the optional UEPresenceInAreaOfInterestList Information Element (IE).
Network monitoring tools or packet capture utilities can be used to inspect NGAP messages for this malformed pattern.
- Use tcpdump or Wireshark to capture NGAP traffic and filter for LocationReport messages with the ue-presence-in-area-of-interest event type.
- Example tcpdump command: `tcpdump -i <interface> -w ngap_capture.pcap port <NGAP_port>`
- Analyze the captured packets in Wireshark to check for missing UEPresenceInAreaOfInterestList IE in LocationReport messages.
- Monitor system logs or Ella Core logs for panic or crash messages related to NGAP message processing.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Ella Core to version 1.6.0 or later, which includes a fix that verifies the presence of the UEPresenceInAreaOfInterestList IE during NGAP message handling to prevent the crash.
Until the upgrade can be applied, consider implementing network-level filtering to block malformed NGAP LocationReport messages that carry the ue-presence-in-area-of-interest event type but omit the UEPresenceInAreaOfInterestList IE.
Additionally, monitor the Ella Core process for crashes and restart it promptly to minimize service disruption.