CVE-2026-33282: CWE-476: NULL Pointer Dereference in ellanetworks core
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling.
AI Analysis
Technical Summary
CVE-2026-33282 is a vulnerability classified under CWE-476 (NULL Pointer Dereference) found in Ella Core, a 5G core network product designed for private network deployments. The issue exists in versions prior to 1.6.0 and is triggered when the system processes a malformed NGAP (Next Generation Application Protocol) LocationReport message. Specifically, when the message contains the 'ue-presence-in-area-of-interest' event type but omits the optional 'UEPresenceInAreaOfInterestList' Information Element (IE), the software fails to verify the presence of this IE before dereferencing it. This leads to a NULL pointer dereference causing the core process to panic and crash. Exploitation requires no authentication or user interaction and can be performed remotely by sending crafted NGAP messages to the vulnerable Ella Core instance. The impact is a denial-of-service (DoS) condition, disrupting service availability for all subscribers connected to the affected core. The vulnerability has a CVSS v3.1 base score of 7.5, reflecting its high severity due to ease of exploitation and significant impact on availability. The vendor addressed this issue in version 1.6.0 by implementing IE presence verification during NGAP message handling, preventing the NULL dereference. No public exploits or active exploitation have been reported to date.
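The missing presence check described above, shown next to a hardened form. This is an added example, not Ella Core's code: the types and function names are hypothetical, and an omitted optional IE is assumed to decode to a nil pointer.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical, simplified model of a decoded LocationReport (not Ella Core's
// types). An optional IE is a pointer that stays nil when the sender omits it.
type EventType int

const (
	EventOther EventType = iota
	EventUEPresenceInAreaOfInterest
)

type UEPresenceInAreaOfInterestList struct{ Items []string }

type LocationReport struct {
	EventType    EventType
	PresenceList *UEPresenceInAreaOfInterestList // optional IE
}

var ErrMissingIE = errors.New("ngap: LocationReport missing UEPresenceInAreaOfInterestList")

// countUnchecked is the CWE-476 pattern: the event type is taken as proof
// that the optional IE exists, so a nil pointer is dereferenced.
func countUnchecked(r *LocationReport) int {
	if r.EventType == EventUEPresenceInAreaOfInterest {
		return len(r.PresenceList.Items) // panics when the IE was omitted
	}
	return 0
}

// countChecked verifies IE presence first and rejects the message instead.
func countChecked(r *LocationReport) (int, error) {
	if r == nil || r.EventType != EventUEPresenceInAreaOfInterest {
		return 0, nil
	}
	if r.PresenceList == nil {
		return 0, ErrMissingIE
	}
	return len(r.PresenceList.Items), nil
}

// panicked reports whether f panicked, so both forms can be compared safely.
func panicked(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	msg := &LocationReport{EventType: EventUEPresenceInAreaOfInterest} // constructed sample
	_, err := countChecked(msg)
	fmt.Println(panicked(func() { countUnchecked(msg) }), err)
}
```

In a long-running signalling process the rejected message should be logged and dropped so that one malformed report cannot take down every subscriber session.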
Potential Impact
The primary impact of CVE-2026-33282 is a denial-of-service condition affecting the availability of 5G core network services managed by Ella Core versions prior to 1.6.0. Since the core handles subscriber sessions and signaling, a crash can interrupt connectivity for all users relying on the affected private network, potentially halting critical communications and business operations. This can be particularly damaging in environments where private 5G networks support industrial automation, healthcare, public safety, or other mission-critical applications. The lack of required authentication lowers the barrier for attackers, increasing the risk of exploitation by malicious actors or even accidental triggering by malformed messages. However, the vulnerability does not compromise confidentiality or integrity of data. The scope is limited to deployments using vulnerable Ella Core versions, but given the growing adoption of private 5G networks globally, the potential impact is significant for organizations relying on this technology.
Mitigation Recommendations
Organizations using Ella Core versions prior to 1.6.0 should prioritize upgrading to version 1.6.0 or later, where the vulnerability is patched by adding IE presence verification in NGAP message processing. Until an upgrade is possible, network operators should implement strict NGAP message filtering and validation at network ingress points to block malformed or suspicious LocationReport messages, especially those with the 'ue-presence-in-area-of-interest' event type missing the optional IE. Deploying anomaly detection systems to monitor NGAP traffic for irregularities can help identify exploitation attempts. Network segmentation and limiting exposure of the NGAP interface to trusted entities reduce the attack surface. Additionally, maintaining up-to-date logging and alerting on core process crashes can enable rapid detection and response to potential exploitation attempts. Collaboration with the vendor for any interim patches or workarounds is advised.
Affected Countries
United States, Germany, South Korea, Japan, China, United Kingdom, France, India, Australia, Canada
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-18T18:55:47.425Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69c1e5e3f4197a8e3bb3f185
Added to database: 3/24/2026, 1:16:19 AM
Last enriched: 3/31/2026, 8:11:22 PM
Last updated: 5/8/2026, 8:37:19 AM