CVE-2026-33282

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.6.0

Description Ella Core, a 5G core designed for private networks, experiences a panic when processing a malformed NGAP LocationReport message. Specifically, the issue occurs with the ue-presence-in-area-of-interest event type when the optional UEPresenceInAreaOfInterestList IE is omitted. An attacker can exploit this by sending crafted NGAP messages to Ella Core, leading to a process crash and service disruption for all connected subscribers. No authentication is required for exploitation. The issue is related to the handling of NGAP messages and the absence of proper IE presence verification.

Recommendations Update to version 1.6.0 or later.