{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33282", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-18T18:55:47.425Z", "datePublished": "2026-03-23T23:47:26.483Z", "dateUpdated": "2026-03-25T19:25:14.461Z"}, "containers": {"cna": {"title": "Ella Core panics on malformed NGAP Location Report", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x"}], "affected": [{"vendor": "ellanetworks", "product": "core", "versions": [{"version": "< 1.6.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-23T23:47:26.483Z"}, "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling."}], "source": {"advisory": "GHSA-826q-wrq4-p23x", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T19:23:25.820727Z", "id": "CVE-2026-33282", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T19:25:14.461Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33282", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T19:23:25.820727Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T19:25:00.612Z"}}], "cna": {"title": "Ella Core panics on malformed NGAP Location Report", "source": {"advisory": "GHSA-826q-wrq4-p23x", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ellanetworks", "product": "core", "versions": [{"status": "affected", "version": "< 1.6.0"}]}], "references": [{"url": "https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x", "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-23T23:47:26.483Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33282", "state": "PUBLISHED", "dateUpdated": "2026-03-25T19:25:14.461Z", "dateReserved": "2026-03-18T18:55:47.425Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-23T23:47:26.483Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ellanetworks:ella_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A60BFD6-666C-4509-BE38-04CBFF557242", "versionEndExcluding": "1.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling."}, {"lang": "es", "value": "Ella Core es un n\u00facleo 5G dise\u00f1ado para redes privadas. Las versiones anteriores a la 1.6.0 entran en p\u00e1nico al procesar un mensaje NGAP LocationReport malformado con tipo de evento 'ue-presence-in-area-of-interest' y omitiendo el IE opcional 'UEPresenceInAreaOfInterestList'. Un atacante capaz de enviar mensajes NGAP manipulados a Ella Core puede bloquear el proceso, causando interrupci\u00f3n del servicio para todos los suscriptores conectados. No se requiere autenticaci\u00f3n. La versi\u00f3n 1.6.0 a\u00f1adi\u00f3 verificaci\u00f3n de presencia de IE al manejo de mensajes NGAP."}], "id": "CVE-2026-33282", "lastModified": "2026-03-24T19:31:44.117", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-24T00:16:30.370", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.6.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "core", "source": "cna", "vendor": "ellanetworks"}, "product": "core", "vendor": "ellanetworks"}], "analysis": {"en": {"generated_at": "2026-03-24T20:30:54.001167+00:00", "value": {"mitigation_remediation": ["Upgrade Ellanetworks Core to version 1.6.0 or later.", "Verify that the core process is running after the upgrade and monitor for crash-related logs.", "If an upgrade cannot be applied immediately, restrict NGAP traffic to trusted routers or use a firewall to block malformed messages as a temporary measure."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service via Process Crash"}, "threat_synthesis": {"affected_systems": "The issue is limited to Ellanetworks Core versions before 1.6.0. Any deployment of the core software that has not been upgraded to 1.6.0 or later is vulnerable. The affected component is the NGAP message handler in the core network stack.", "description_and_impact": "Ellanetworks Core is a 5G core for private networks. A flaw in the NGAP LocationReport parsing causes a panic when an attacker sends a malformed message that includes the event type \"ue-presence-in-area-of-interest\" but omits the optional \"UEPresenceInAreaOfInterestList\" information element. The panic terminates the core process, leading to a complete drop of all functionalities for connected subscribers. The weakness is a null pointer dereference (CWE-476) that triggers a denial of service.", "risk_and_exploitability": "With a CVSS score of 7.5 the vulnerability is considered high severity, yet the EPSS score of less than 1% indicates a low likelihood of immediate exploitation. The vulnerability is not cataloged in CISA\u2019s KEV list, and no authentication is required to trigger the crash, so remote attackers could abuse it over the air interface. The patch introduced explicit IE presence verification, eliminating the crash path."}}}}, "created": "2026-03-24T10:29:44.299163+00:00", "updated": "2026-03-25T21:27:51.126265+00:00", "vendors": ["ellanetworks", "ellanetworks$PRODUCT$core"]}