CVE-2026-33903 is a NULL pointer dereference vulnerability classified under CWE-476 found in Ella Core, a 5G core network product designed for private network deployments. The vulnerability exists in versions prior to 1.7.0 and is triggered when the core processes a specially crafted NGAP (Next Generation Application Protocol) LocationReport message. NGAP is a protocol used between the 5G gNodeB and the core network for signaling. The flaw causes the core process to panic and crash, leading to a denial of service (DoS) condition that disrupts service for all subscribers connected through the affected core. Exploitation requires the attacker to send malicious NGAP messages, which implies network-level access to the NGAP interface but does not require authentication or user interaction. The vulnerability does not expose data confidentiality or integrity but impacts availability severely. The vendor addressed this issue in version 1.7.0 by adding input validation and null pointer checks in the NGAP Location Report handler, preventing the crash. No public exploits or active exploitation campaigns have been reported yet. The CVSS v3.1 score is 6.5 (medium), reflecting the ease of exploitation without privileges but limited to availability impact.

The primary impact of CVE-2026-33903 is denial of service against the Ella Core 5G core network component. When exploited, the core process crashes, causing service disruption for all subscribers connected to that core. This can lead to loss of connectivity, dropped calls, interrupted data sessions, and degraded network reliability. For organizations relying on private 5G networks for critical operations—such as manufacturing, logistics, healthcare, or utilities—this disruption can affect operational continuity and safety. The vulnerability does not compromise subscriber data confidentiality or integrity, but the availability impact can be significant, especially in environments where high uptime and reliability are mandatory. Since exploitation requires network access to the NGAP interface, attackers with internal network access or compromised network segments pose the greatest risk. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially as 5G private networks expand globally.

To mitigate CVE-2026-33903, affected organizations should upgrade Ella Core to version 1.7.0 or later, where the vulnerability is patched with added null pointer checks in the NGAP Location Report handler. Until upgrade is possible, network segmentation and strict access controls should be enforced to limit access to the NGAP interface only to trusted network elements and administrators. Deploy network monitoring to detect anomalous NGAP messages or unusual signaling traffic patterns that could indicate exploitation attempts. Implement rate limiting or filtering on NGAP message traffic where feasible to reduce exposure to crafted messages. Regularly audit and update firewall and network device configurations to prevent unauthorized access to the core network interfaces. Additionally, coordinate with the vendor for any available patches or hotfixes and monitor threat intelligence feeds for emerging exploit information.