top of page
perceptive_background_267k.jpg

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-i…

Published:

23 March 2026 at 23:00:00

Alert date:

24 March 2026 at 20:06:33

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Network Infrastructure, Critical Infrastructure

CVE-2026-33282 affects Ella Core, a 5G core network solution for private networks. Versions prior to 1.6.0 are vulnerable to denial of service attacks through malformed NGAP LocationReport messages. Attackers can send crafted NGAP messages with ue-presence-in-area-of-interest event type while omitting the optional UEPresenceInAreaOfInterestList IE, causing the core process to panic and crash. This results in service disruption for all connected subscribers. No authentication is required to exploit this vulnerability. The issue was fixed in version 1.6.0 by adding IE presence verification to NGAP message handling.

Technical details

Mitigation steps:

Affected products:

Ella Core

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-33282
https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page