CVE-2026-33903: CWE-476: NULL Pointer Dereference in ellanetworks core
Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version 1.7.0 adds guards in NGAP Location Report handler.
AI Analysis
Technical Summary
CVE-2026-33903 is a medium severity vulnerability (CVSS 6.5) in ellanetworks core, a 5G core designed for private networks. The vulnerability is a NULL pointer dereference (CWE-476) triggered by processing a maliciously crafted NGAP LocationReport message. This leads to a process panic and crash, disrupting service availability for all subscribers connected to the affected core. The issue affects versions prior to 1.7.0, which introduced protective checks in the NGAP Location Report handler to mitigate this flaw.
Potential Impact
Exploitation of this vulnerability causes a denial of service by crashing the core process, resulting in service disruption for all connected subscribers. There is no impact on confidentiality or integrity reported. The attack vector is adjacent network (AV:A), requiring no privileges or user interaction.
Mitigation Recommendations
Upgrade to ellanetworks core version 1.7.0 or later, which includes official fixes adding guards in the NGAP Location Report handler to prevent the NULL pointer dereference. Since no patch links are provided, verify availability and apply the update through official vendor channels. No other mitigations are indicated.
CVE-2026-33903: CWE-476: NULL Pointer Dereference in ellanetworks core
Description
Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version 1.7.0 adds guards in NGAP Location Report handler.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-33903 is a medium severity vulnerability (CVSS 6.5) in ellanetworks core, a 5G core designed for private networks. The vulnerability is a NULL pointer dereference (CWE-476) triggered by processing a maliciously crafted NGAP LocationReport message. This leads to a process panic and crash, disrupting service availability for all subscribers connected to the affected core. The issue affects versions prior to 1.7.0, which introduced protective checks in the NGAP Location Report handler to mitigate this flaw.
Potential Impact
Exploitation of this vulnerability causes a denial of service by crashing the core process, resulting in service disruption for all connected subscribers. There is no impact on confidentiality or integrity reported. The attack vector is adjacent network (AV:A), requiring no privileges or user interaction.
Mitigation Recommendations
Upgrade to ellanetworks core version 1.7.0 or later, which includes official fixes adding guards in the NGAP Location Report handler to prevent the NULL pointer dereference. Since no patch links are provided, verify availability and apply the update through official vendor channels. No other mitigations are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-24T15:41:47.491Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69c6efd03c064ed76ff473fd
Added to database: 3/27/2026, 9:00:00 PM
Last enriched: 4/4/2026, 11:02:18 AM
Last updated: 5/12/2026, 2:05:08 AM
Views: 122
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.