Is Null Pointer Dereference affected by CVE-2026-33282?

Ella Core infrastructure is vulnerable to denial-of-service attacks that require no authentication, allowing attackers to crash the service and disrupt connectivity for all subscribers.

CVE-2026-33282

HIGH

2026-03-19 https://github.com/ellanetworks/core

GHSA-826q-wrq4-p23x

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 19, 2026 - 18:00 vuln.today

CVE Published

Mar 19, 2026 - 17:47 nvd

HIGH 7.5

Description

## Summary Ella Core panics when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. ## Impact An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. ## Fix Added IE presence verification to NGAP message handling.

Analysis

Ella Core is vulnerable to a denial of service attack via a null pointer dereference when processing malformed NGAP LocationReport messages that omit the required UEPresenceInAreaOfInterestList field. An unauthenticated attacker with network access can crash the Ella Core process, disrupting service for all connected subscribers. …

Remediation

Within 24 hours: Inventory all Ella Core instances and assess exposure; enable enhanced logging for NGAP message validation. Within 7 days: Implement network segmentation to restrict NGAP message sources to trusted signaling endpoints; establish incident response procedures for suspected exploitation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

CVE-2026-33282 vulnerability details – vuln.today

Back

CVE-2026-33282

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-33282

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code