{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33907", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T15:41:47.491Z", "datePublished": "2026-03-27T20:58:06.768Z", "dateUpdated": "2026-03-30T18:53:12.138Z"}, "containers": {"cna": {"title": "Ella Core Panics during NAS Authentication Response/Failure with missing IEs", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ellanetworks/core/security/advisories/GHSA-55q8-2gwx-29pc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-55q8-2gwx-29pc"}, {"name": "https://github.com/ellanetworks/core/commit/52962660e3bd3e23c7e96b0da270ac1e0e705273", "tags": ["x_refsource_MISC"], "url": "https://github.com/ellanetworks/core/commit/52962660e3bd3e23c7e96b0da270ac1e0e705273"}, {"name": "https://github.com/ellanetworks/core/releases/tag/v1.7.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"}], "affected": [{"vendor": "ellanetworks", "product": "core", "versions": [{"version": "< 1.7.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T20:58:06.768Z"}, "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.7.0 added IE presence verification to NAS message handling."}], "source": {"advisory": "GHSA-55q8-2gwx-29pc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T18:53:05.536896Z", "id": "CVE-2026-33907", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:53:12.138Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33907", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T18:53:05.536896Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:53:09.323Z"}}], "cna": {"title": "Ella Core Panics during NAS Authentication Response/Failure with missing IEs", "source": {"advisory": "GHSA-55q8-2gwx-29pc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ellanetworks", "product": "core", "versions": [{"status": "affected", "version": "< 1.7.0"}]}], "references": [{"url": "https://github.com/ellanetworks/core/security/advisories/GHSA-55q8-2gwx-29pc", "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-55q8-2gwx-29pc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ellanetworks/core/commit/52962660e3bd3e23c7e96b0da270ac1e0e705273", "name": "https://github.com/ellanetworks/core/commit/52962660e3bd3e23c7e96b0da270ac1e0e705273", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0", "name": "https://github.com/ellanetworks/core/releases/tag/v1.7.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.7.0 added IE presence verification to NAS message handling."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T20:58:06.768Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33907", "state": "PUBLISHED", "dateUpdated": "2026-03-30T18:53:12.138Z", "dateReserved": "2026-03-24T15:41:47.491Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-27T20:58:06.768Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.7.0 added IE presence verification to NAS message handling."}], "id": "CVE-2026-33907", "lastModified": "2026-03-30T13:26:07.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T21:17:27.003", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ellanetworks/core/commit/52962660e3bd3e23c7e96b0da270ac1e0e705273"}, {"source": "security-advisories@github.com", "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-55q8-2gwx-29pc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.7.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "core", "source": "cna", "vendor": "ellanetworks"}, "product": "core", "vendor": "ellanetworks"}], "analysis": {"en": {"generated_at": "2026-03-28T05:57:33.114120+00:00", "value": {"mitigation_remediation": ["Upgrade Ella Core to version 1.7.0 or later, which adds Information Element presence verification to NAS message handling."], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "This flaw impacts all Ella Networks Ella Core installations running any version older than 1.7.0. Those operators that rely on the affected core stack in their private 5G infrastructure are therefore exposed, as the vulnerable code resides in the core NAS message handling component.", "description_and_impact": "Ella Core is a private\u2011network 5G core that crashes when it receives an Authentication Response or Authentication Failure NAS message lacking required Information Elements. The crash occurs due to a null pointer dereference, which causes the authentication service to panic and terminate, leading to a full service outage for all connected subscribers. The vulnerability provides attackers a way to disrupt network availability, but does not affect confidentiality or integrity. The weakness is a classic null pointer dereference (CWE\u2011476).", "risk_and_exploitability": "The CVSS score of 6.5 indicates a moderate severity level. No authentication is required; an attacker only needs the ability to send crafted NAS messages to the core. Based on the description, the likely attack vector is from a network device that can reach the NAS interface, making the vulnerability feasible for nearby adversaries. The EPSS score is not available and the issue is not listed in CISA\u2019s KEV catalog, suggesting no documented broad exploitation, yet the ease of triggering a crash and its global impact on subscribers keep the risk high for operators."}}}}, "created": "2026-03-29T20:29:53.545715+00:00", "updated": "2026-03-30T07:00:12.756423+00:00", "vendors": ["ellanetworks", "ellanetworks$PRODUCT$core"]}