What is the CVSS score of CVE-2026-33283?

CVE-2026-33283 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Suse are affected by CVE-2026-33283?

CVE-2026-33283 presents notable security risk, a null pointer dereference vulnerability rated CVSS 6.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Suse CVE-2026-33283

MEDIUM

NULL Pointer Dereference (CWE-476)

2026-03-19 https://github.com/ellanetworks/core

GHSA-3366-gw57-fcm5

Denial Of Service Null Pointer Dereference Suse

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 19, 2026 - 18:00 vuln.today

CVE Published

Mar 19, 2026 - 17:47 nvd

MEDIUM 6.5

DescriptionNVD

Summary

Ella Core panics when processing malformed UL NAS Transport NAS messages without a Request Type.

Impact

An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.

Fix

Add a guard when receiving an UL NAS Message without a Request Type given no SM Context.

AnalysisAI

Ella Core contains a null pointer dereference vulnerability (CWE-476) that causes the process to panic when processing malformed UL NAS Transport NAS messages that lack a Request Type field, particularly when no SM Context is present. An attacker with network access and minimal privileges can send crafted NAS messages to trigger this crash, resulting in complete denial of service for all connected subscribers without requiring authentication. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-33283 vulnerability details – vuln.today

Back

Suse CVE-2026-33283

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Summary

Impact

Fix

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code