CVE-2026-33281

CVSS v3.1

6.5

Medium

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Ella Core panics when processing NGAP messages with invalid PDU Session IDs outside of 1-15.

Impact

An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.

Fix

Added PDU Session ID validations during NGAP message handling.

Fix

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

CVE-2026-33281

GHSA-Q669-4GMV-G8MF

Affected Products

Github.Com/Ellanetworks/Core

CVE-2026-33281

Summary

Impact

Fix

Weakness Enumeration

Related Identifiers

Affected Products

References · 3