Ella Core panics when processing a crafted NGAP LocationReport message

6.5 / 10

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version 1.7.0 adds guards in NGAP Location Report handler.

Basic Information

ID CVE-2026-33903

Source GitHub_M

Published Mar 27, 2026 at 20:52

Modified Mar 30, 2026 at 15:42

Affected Product

Vendor ellanetworks

Product core

Version < 1.7.0

Affected Versions ellanetworks core < 1.7.0

CWE Classification

CWE-476

References

{
    "lastseen": "",
    "description": "Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version 1.7.0 adds guards in NGAP Location Report handler.",
    "published": "2026-03-27T20:52:37.157Z",
    "modified": "2026-03-30T15:42:36.950Z",
    "type": "cve",
    "title": "Ella Core panics when processing a crafted NGAP LocationReport message",
    "source": "GitHub_M",
    "references": "https://github.com/ellanetworks/core/security/advisories/GHSA-f2f3-9cx3-wcmf\nhttps://github.com/ellanetworks/core/commit/ec77a2ad4508f8488cb356fd45b2f1efd92587f8\nhttps://github.com/ellanetworks/core/releases/tag/v1.7.0",
    "id": "CVE-2026-33903",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476"
    ],
    "cvelist": null,
    "sourceData": "ellanetworks core < 1.7.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "core",
    "version": "< 1.7.0",
    "vendor": "ellanetworks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Ella Core panics when processing a crafted NGAP LocationReport message_CVE-2026-33903