CVE-2026-33281

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.6.0

Description Ella Core, a 5G core designed for private networks, experiences a panic when processing NGAP messages containing invalid PDU Session IDs outside the range of 1-15. An attacker capable of sending specially crafted NGAP messages to Ella Core can cause a process crash, leading to service disruption for all connected subscribers. No authentication is required to exploit this issue. The vulnerability is related to insufficient validation of PDU Session IDs during NGAP message handling.

Recommendations Update to version 1.6.0 or later, which includes PDU Session ID validations during NGAP message handling.

Exploit

Fix

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

CVE-2026-33281

GHSA-Q669-4GMV-G8MF

GO-2026-4783

SUSE-SU-2026:1135-1

Affected Products

Ella Core

CVE-2026-33281

Weakness Enumeration

Related Identifiers

Affected Products

References · 148