CVE-2026-33281

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.6.0

Description Ella Core, a 5G core designed for private networks, experiences a panic when processing NGAP messages containing invalid PDU Session IDs outside the range of 1-15. An attacker capable of sending specially crafted NGAP messages to Ella Core can cause a process crash, leading to service disruption for all connected subscribers. No authentication is required to exploit this issue. The vulnerability is related to insufficient validation of PDU Session IDs during NGAP message handling.

Recommendations Update to version 1.6.0 or later, which includes PDU Session ID validations during NGAP message handling.