CVE-2026-33282
Published: 24 March 2026
Summary
CVE-2026-33282 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Ellanetworks Ella Core. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 7.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of incoming NGAP LocationReport messages to reject malformed ones omitting the UEPresenceInAreaOfInterestList IE, directly preventing the NULL pointer dereference crash.
Ensures error handling for missing optional IEs in NGAP messages does not cause process panic but maintains system functionality without disruption.
Implements protections against denial-of-service attacks exploiting malformed NGAP messages to crash the Ella Core process and disrupt service for all subscribers.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
NULL pointer dereference in exposed NGAP handler allows remote unauthenticated attacker to crash the 5G core process; directly matches Application or System Exploitation sub-technique for Endpoint DoS.
NVD Description
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages…
more
to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling.
Deeper analysisAI
Ella Core, a 5G core implementation designed for private networks, contains a denial-of-service vulnerability in versions prior to 1.6.0, tracked as CVE-2026-33282. The issue stems from a NULL pointer dereference (CWE-476) triggered when processing a malformed NGAP LocationReport message specifying the `ue-presence-in-area-of-interest` event type while omitting the optional `UEPresenceInAreaOfInterestList` information element (IE). This causes the Ella Core process to panic and crash. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting high availability impact with no confidentiality or integrity effects.
Any remote attacker with network access to the Ella Core deployment can exploit this vulnerability by sending a specially crafted NGAP message, as no authentication is required. Successful exploitation crashes the core process, resulting in service disruption that affects all connected subscribers across the private 5G network. The low attack complexity and lack of privileges needed make it accessible to unauthenticated adversaries positioned to reach the NGAP interface.
The official advisory from Ella Networks, published on GitHub at https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x, recommends upgrading to version 1.6.0 or later, which introduces verification for the presence of required IEs in NGAP message handling to prevent the crash. No additional workarounds are specified in the available information.
Details
- CWE(s)