CVE-2026-33907 is a NULL pointer dereference vulnerability (CWE-476) identified in the Ella Core 5G core product designed for private network deployments. The vulnerability exists in versions prior to 1.7.0 and is triggered during the processing of NAS (Non-Access Stratum) Authentication Response and Authentication Failure messages that are missing required Information Elements (IEs). When such malformed NAS messages are received, the core software attempts to access a NULL pointer, causing the process to panic and crash. This results in a denial of service (DoS) condition, disrupting connectivity and service availability for all subscribers connected to the affected core. Exploitation requires no authentication or user interaction, and an attacker only needs network access to send crafted NAS messages. The vulnerability was addressed in version 1.7.0 by implementing checks to verify the presence of required IEs before processing NAS messages, preventing the NULL pointer dereference. The CVSS v3.1 base score is 6.5 (medium severity), reflecting the ease of exploitation over the network without privileges and the impact limited to availability. No known public exploits or active exploitation campaigns have been reported to date. This vulnerability primarily affects private 5G network operators using Ella Core versions older than 1.7.0, potentially impacting service continuity and subscriber connectivity.

The primary impact of CVE-2026-33907 is a denial of service condition caused by crashing the Ella Core process handling NAS authentication messages. This disruption can lead to loss of connectivity for all subscribers relying on the affected 5G core, resulting in service outages and operational interruptions. For private network operators, this can affect critical communications, industrial automation, or enterprise services dependent on 5G connectivity. The vulnerability does not expose subscriber data or allow unauthorized access, so confidentiality and integrity impacts are minimal. However, the availability impact is significant, especially in environments where continuous network service is essential. The ease of exploitation without authentication increases the risk, as any attacker with network access can trigger the crash. Although no known exploits are currently active, the vulnerability could be leveraged in targeted attacks or denial-of-service campaigns against private 5G deployments using vulnerable Ella Core versions. Organizations may face operational downtime, reputational damage, and potential financial losses due to service disruption.

To mitigate CVE-2026-33907, organizations should immediately upgrade Ella Core to version 1.7.0 or later, where the vulnerability has been fixed by adding IE presence verification during NAS message processing. Until the upgrade can be applied, network operators should implement strict filtering and validation of NAS messages at network ingress points to block malformed or suspicious NAS Authentication Response and Failure messages lacking required IEs. Deploying intrusion detection or prevention systems (IDS/IPS) with custom signatures to detect anomalous NAS message patterns may help reduce exposure. Network segmentation and limiting access to the 5G core network from untrusted sources can further reduce the attack surface. Monitoring core process stability and setting up automated alerts for crashes can enable rapid response to exploitation attempts. Additionally, operators should review and harden their 5G core network security policies and ensure timely patch management practices to prevent exploitation of similar vulnerabilities.