CVE-2026-33283
Published: 24 March 2026
Summary
CVE-2026-33283 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Ellanetworks Ella Core. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 6.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the NULL pointer dereference by validating UL NAS Transport messages for the presence of a required Request Type before processing.
- Prevents system panic by ensuring graceful error handling when malformed UL NAS messages lacking a Request Type are received, avoiding exploitable crashes.
- Limits the effects of denial-of-service attacks by protecting against crafted NAS messages that crash the Ella Core process and disrupt service.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A NULL pointer dereference in a network-exposed 5G core service lets a remote, unauthenticated sender trigger a process panic with a single malformed NAS message (availability impact). This maps directly to remote exploitation of a public-facing application, and to application or system exploitation for denial of service.
NVD Description
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 adds a guard when receiving a UL NAS Message without a Request Type given no SM Context.
Deeper analysis
CVE-2026-33283 affects Ella Core, a 5G core implementation designed for private networks, in versions prior to 1.6.0. The vulnerability is a NULL pointer dereference (CWE-476) that causes the software to panic when processing malformed UL NAS Transport NAS messages lacking a Request Type. This flaw has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), indicating medium severity primarily due to high availability impact.
An attacker with the ability to send crafted NAS messages to Ella Core can exploit this vulnerability remotely over the network with low complexity. Although the CVSS vector specifies low privileges required (PR:L), the description states that no authentication is required; the practical precondition is simply the ability to deliver NAS messages to the core. Successful exploitation crashes the Ella Core process, resulting in service disruption for all connected subscribers.
The GitHub security advisory at https://github.com/ellanetworks/core/security/advisories/GHSA-3366-gw57-fcm5 details the fix in version 1.6.0, which introduces a guard to handle UL NAS messages without a Request Type when no SM Context exists, preventing the panic. Security practitioners should upgrade to version 1.6.0 or later to mitigate this issue.
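The failure mode and the 1.6.0 guard described above, reconstructed as an added Go example. This is not Ella Core's code: the reduced message struct, the SM-context map, the `handle` and `dispatch` functions and the Request type value used are simplified assumptions chosen to make the nil dereference and its guard observable.

```go
package main

import "fmt"

// ULNASTransport is a deliberately reduced model (an assumption, not Ella Core's
// real struct): RequestType is the optional Request type IE, nil when the UE omits it.
type ULNASTransport struct {
	PDUSessionID uint8
	RequestType  *uint8
}

// SMContext is the per-PDU-session state that exists once a session is set up.
type SMContext struct{ ID uint8 }

// ErrMissingRequestType is what the guarded path returns instead of panicking.
var ErrMissingRequestType = fmt.Errorf("UL NAS Transport without Request Type and no SM context")

// handle routes a UL NAS Transport message. With guarded=false it models the
// pre-1.6.0 path: when no SM context exists it reads *msg.RequestType unconditionally,
// so an omitted IE is a nil dereference. With guarded=true the 1.6.0-style check
// rejects that case before anything is dereferenced.
func handle(msg ULNASTransport, ctxs map[uint8]*SMContext, guarded bool) (string, error) {
	if ctx, ok := ctxs[msg.PDUSessionID]; ok {
		return fmt.Sprintf("forward to existing session %d", ctx.ID), nil
	}
	if guarded && msg.RequestType == nil {
		return "", ErrMissingRequestType
	}
	if *msg.RequestType == 1 { // 1 = initial request (TS 24.501); panics if nil and unguarded
		return "create new session", nil
	}
	return "", fmt.Errorf("unsupported request type %d", *msg.RequestType)
}

// dispatch converts a handler panic into an error so both behaviours can be observed
// in one process; in the real core the unrecovered panic takes the process down.
func dispatch(msg ULNASTransport, ctxs map[uint8]*SMContext, guarded bool) (res string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("process panic: %v", r)
		}
	}()
	return handle(msg, ctxs, guarded)
}

func main() {
	malformed := ULNASTransport{PDUSessionID: 5} // constructed: Request Type omitted, session 5 unknown
	_, err := dispatch(malformed, map[uint8]*SMContext{}, false)
	fmt.Println("vulnerable:", err) // process panic: runtime error: invalid memory address or nil pointer dereference
	_, err = dispatch(malformed, map[uint8]*SMContext{}, true)
	fmt.Println("guarded:", err) // UL NAS Transport without Request Type and no SM context
}
```

The same guard generalises to every optional IE a handler reads: check presence against the state that makes it required, then return a protocol error rather than letting the runtime fault.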
Details
- CWE(s)