CVE-2026-33283

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.6.0

Description Ella Core, a 5G core designed for private networks, experiences a panic when processing improperly formatted UL NAS Transport NAS messages that lack a Request Type. An attacker can exploit this by sending specially crafted NAS messages to Ella Core, leading to a process crash and service disruption for all connected subscribers. This does not require authentication. The issue occurs when receiving an UL NAS Message without a Request Type and no SM Context.

Recommendations Update to version 1.6.0 or later.