What is the CVSS score of CVE-2026-33282?

CVE-2026-33282 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Suse are affected by CVE-2026-33282?

Ella Core infrastructure is vulnerable to denial-of-service attacks that require no authentication, allowing attackers to crash the service and disrupt connectivity for all subscribers.. A patch is available.

Suse CVE-2026-33282

HIGH

NULL Pointer Dereference (CWE-476)

2026-03-19 https://github.com/ellanetworks/core

GHSA-826q-wrq4-p23x

Denial Of Service Null Pointer Dereference Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 19, 2026 - 18:00 vuln.today

CVE Published

Mar 19, 2026 - 17:47 nvd

HIGH 7.5

DescriptionNVD

Summary

Ella Core panics when processing a malformed NGAP LocationReport message with ue-presence-in-area-of-interest event type and omitting the optional UEPresenceInAreaOfInterestList IE.

Impact

An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.

Fix

Added IE presence verification to NGAP message handling.

AnalysisAI

Ella Core is vulnerable to a denial of service attack via a null pointer dereference when processing malformed NGAP LocationReport messages that omit the required UEPresenceInAreaOfInterestList field. An unauthenticated attacker with network access can crash the Ella Core process, disrupting service for all connected subscribers. …

RemediationAI

Within 24 hours: Inventory all Ella Core instances and assess exposure; enable enhanced logging for NGAP message validation. Within 7 days: Implement network segmentation to restrict NGAP message sources to trusted signaling endpoints; establish incident response procedures for suspected exploitation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-33282 vulnerability details – vuln.today

Back

Suse CVE-2026-33282

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Summary

Impact

Fix

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code