CVE-2026-33903

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.7.0

Description Ella Core, a 5G core designed for private networks, experiences a panic when processing a specifically crafted NGAP LocationReport message. An attacker capable of sending crafted NGAP messages to Ella Core can cause a process crash, leading to service disruption for all connected subscribers. The issue resides in the handling of NGAP Location Report messages.

Recommendations Update to version 1.7.0 or later, which includes guards in the NGAP Location Report handler.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2026-33903

GHSA-F2F3-9CX3-WCMF

GO-2026-4875

SUSE-SU-2026:1205-1

Affected Products

Ella Core

CVE-2026-33903

Weakness Enumeration

Related Identifiers

Affected Products

References · 47