CVE-2026-33281 is a vulnerability identified in the Ella Core 5G core product designed for private network deployments. The core issue is an improper validation of array indices (CWE-129) related to PDU Session IDs in NGAP (Next Generation Application Protocol) messages. Specifically, versions of Ella Core prior to 1.6.0 do not validate that PDU Session IDs fall within the expected range of 1 to 15. When an NGAP message containing an out-of-range PDU Session ID is processed, the software panics, causing the core process to crash. This results in a denial-of-service condition, disrupting service for all connected subscribers. The vulnerability can be exploited remotely without authentication or user interaction, as NGAP messages are part of the signaling protocol between the 5G core and radio access network elements. The CVSS v3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, no privileges required, no user interaction, and a high impact on availability but no impact on confidentiality or integrity. The vendor addressed this vulnerability in version 1.6.0 by implementing proper validation checks on PDU Session IDs during NGAP message processing, preventing out-of-range values from causing crashes. No public exploits or active exploitation have been reported to date.

The primary impact of this vulnerability is a denial-of-service condition affecting the availability of the 5G core network services managed by Ella Core. Since the core process crashes upon receiving malformed NGAP messages, all subscribers connected to the affected core instance will experience service disruption, potentially leading to loss of connectivity, dropped sessions, and degraded network performance. This can affect private 5G network operators relying on Ella Core for mission-critical communications, industrial automation, or enterprise connectivity. The impact on confidentiality and integrity is negligible, as the vulnerability does not allow data leakage or unauthorized modification. However, the ease of exploitation—requiring no authentication and only crafted NGAP messages—makes it a significant risk for service availability. Organizations operating private 5G networks with affected versions may face operational downtime, customer dissatisfaction, and potential financial losses. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers could develop exploits given the public disclosure.

Organizations using Ella Core versions prior to 1.6.0 should prioritize upgrading to version 1.6.0 or later, where the vulnerability is patched with proper PDU Session ID validation. In environments where immediate upgrade is not feasible, network operators should implement strict filtering and validation of NGAP messages at the network edge or firewall to block malformed or out-of-range PDU Session IDs. Monitoring NGAP traffic for anomalous or unexpected session IDs can help detect attempted exploitation. Additionally, deploying redundancy and failover mechanisms for the 5G core can minimize service disruption in case of a crash. Network segmentation and limiting exposure of the NGAP interface to trusted network segments can reduce the attack surface. Regular security assessments and penetration testing focused on signaling protocols can help identify similar vulnerabilities proactively. Finally, maintaining up-to-date incident response plans for 5G core outages will improve resilience against denial-of-service attacks.