CVE-2026-33907

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.7.0

Description Ella Core, a 5G core designed for private networks, experiences a panic when processing Authentication Response and Authentication Failure NAS messages lacking Information Elements (IEs). An attacker can exploit this by sending crafted NAS messages to Ella Core, leading to a process crash and service disruption for all connected subscribers. No authentication is required to send these messages. The issue is resolved by adding IE presence verification to NAS message handling.

Recommendations Update to version 1.7.0 or later.