CVE-2026-33282 is a NULL pointer dereference vulnerability classified under CWE-476 found in Ella Core, a 5G core network product designed for private network deployments. The vulnerability exists in versions prior to 1.6.0 and is triggered when the core processes a malformed NGAP (Next Generation Application Protocol) LocationReport message. Specifically, when the message contains the 'ue-presence-in-area-of-interest' event type but omits the optional 'UEPresenceInAreaOfInterestList' Information Element (IE), the software dereferences a NULL pointer, causing the process to panic and crash. This results in a denial of service (DoS) condition affecting all subscribers connected to the core. The flaw arises due to insufficient validation of the presence of optional IEs before dereferencing pointers in the NGAP message handling logic. The vulnerability can be exploited remotely by an attacker capable of sending crafted NGAP messages to the Ella Core without requiring any authentication or user interaction, making it highly accessible. The vendor addressed this issue in version 1.6.0 by implementing presence verification checks for the optional IE, preventing the NULL pointer dereference. No public exploits have been observed in the wild as of the publication date. The CVSS v3.1 base score is 7.5, reflecting a high severity with network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to availability (denial of service).

The primary impact of CVE-2026-33282 is a denial of service condition on the Ella Core 5G core network component, which can disrupt service for all subscribers connected to the affected core. This disruption can lead to significant operational downtime in private 5G networks relying on Ella Core, potentially affecting critical communications and business operations. Since the vulnerability requires no authentication and can be exploited remotely, attackers can cause widespread service outages with minimal effort. The loss of availability in a 5G core network can affect industries such as manufacturing, logistics, healthcare, and utilities that depend on private 5G for low-latency, reliable connectivity. While confidentiality and integrity are not directly impacted, the service disruption can indirectly affect business continuity and safety-critical applications. The lack of known exploits in the wild reduces immediate risk but does not diminish the potential for future attacks, especially as private 5G deployments grow.

Organizations using Ella Core versions prior to 1.6.0 should upgrade immediately to version 1.6.0 or later, which includes the necessary presence verification to prevent this NULL pointer dereference. In addition to patching, network operators should implement strict filtering and validation of NGAP messages at network boundaries to block malformed or suspicious NGAP traffic from untrusted sources. Deploying anomaly detection systems that monitor NGAP message patterns can help identify and mitigate attempts to exploit this vulnerability. Network segmentation and access controls should limit which entities can send NGAP messages to the core, reducing the attack surface. Regularly auditing and testing the 5G core network for robustness against malformed protocol messages can proactively identify similar weaknesses. Finally, maintaining up-to-date incident response plans for 5G core outages will help minimize operational impact if exploitation occurs.