CVE-2026-33281
MEDIUMElla Core < 1.6.0 - Unauthenticated Denial of Service via NGAP Message PDU Session ID
Title source: llmDescription
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added PDU Session ID validations during NGAP message handling.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://github.com/ellanetworks/core/security/advisories/GHSA-q669-4gmv-g8mf
Scores
CVSS v3
6.5
EPSS
0.0039
EPSS Percentile
30.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-129
Status
published
Products (3)
ellanetworks/core
0 - 1.6.0Go
ellanetworks/core
< 1.6.0
ellanetworks/ella_core
< 1.6.0
Published
Mar 24, 2026
Tracked Since
Mar 24, 2026