{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33904", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T15:41:47.491Z", "datePublished": "2026-03-27T20:55:18.506Z", "dateUpdated": "2026-03-27T20:55:18.506Z"}, "containers": {"cna": {"title": "Ella Core has a Denial of Service via SCTP connection cleanup deadlock", "problemTypes": [{"descriptions": [{"cweId": "CWE-833", "lang": "en", "description": "CWE-833: Deadlock", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ellanetworks/core/security/advisories/GHSA-9h59-p45g-445h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-9h59-p45g-445h"}, {"name": "https://github.com/ellanetworks/core/commit/999f606c5cae261471d9e3f063d7ecd1bd754076", "tags": ["x_refsource_MISC"], "url": "https://github.com/ellanetworks/core/commit/999f606c5cae261471d9e3f063d7ecd1bd754076"}, {"name": "https://github.com/ellanetworks/core/releases/tag/v1.7.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"}], "affected": [{"vendor": "ellanetworks", "product": "core", "versions": [{"version": "< 1.7.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T20:55:18.506Z"}, "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Version 1.7.0 adds deferred Radio cleanup in serveConn SCTP server so that every connection exit path removes the radio. Remove the stale-entry scan from SCTP Notification handling."}], "source": {"advisory": "GHSA-9h59-p45g-445h", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Version 1.7.0 adds deferred Radio cleanup in serveConn SCTP server so that every connection exit path removes the radio. Remove the stale-entry scan from SCTP Notification handling."}], "id": "CVE-2026-33904", "lastModified": "2026-03-30T13:26:07.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T21:17:26.640", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ellanetworks/core/commit/999f606c5cae261471d9e3f063d7ecd1bd754076"}, {"source": "security-advisories@github.com", "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-9h59-p45g-445h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-833"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.7.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "core", "source": "cna", "vendor": "ellanetworks"}, "product": "core", "vendor": "ellanetworks"}], "analysis": {"en": {"generated_at": "2026-03-28T05:29:53.747967+00:00", "value": {"mitigation_remediation": ["Upgrade Ella Core to version 1.7.0 or later"], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected vendors and products include Ellanetworks Core, specifically versions prior to 1.7.0. Creators released version 1.7.0 with changes to deferred radio cleanup and removal of stale\u2011entry scans that address the deadlock. Systems running any older version are at risk.", "description_and_impact": "The vulnerability arises from a deadlock in the AMF's SCTP notification handler within Ella Core, a 5G core designed for private networks. The deadlock causes the AMF control plane to freeze until the process is restarted. An attacker who can reach the N2 interface can trigger this condition, leading to a denial of service that affects all subscribers connected to the network. The weakness is classified as a deadlock condition, identified as CWE\u2011833.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a medium severity, and no EPSS data is available. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires access to the N2 interface, which is typically restricted to administrative or trusted entities. In environments where the N2 interface is exposed or inadequately protected, the risk of denial of service increases, and the need for a timely patch is high."}}}}, "created": "2026-03-29T20:29:55.371561+00:00", "updated": "2026-03-30T07:00:14.590566+00:00", "vendors": ["ellanetworks", "ellanetworks$PRODUCT$core"]}