CVE-2026-33283
MEDIUMElla Core < 1.6.0 - Unauthenticated Denial of Service via Malformed UL NAS Transport Message
Title source: llmDescription
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 adds a guard when receiving an UL NAS Message without a Request Type given no SM Context.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://github.com/ellanetworks/core/security/advisories/GHSA-3366-gw57-fcm5
Scores
CVSS v3
6.5
EPSS
0.0037
EPSS Percentile
28.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (3)
ellanetworks/core
0 - 1.6.0Go
ellanetworks/core
< 1.6.0
ellanetworks/ella_core
< 1.6.0
Published
Mar 24, 2026
Tracked Since
Mar 24, 2026