Skip to main content

CVE-2026-33903

MEDIUM
NULL Pointer Dereference (CWE-476)
2026-03-26 https://github.com/ellanetworks/core
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 26, 2026 - 22:16 vuln.today
Patch released
Mar 26, 2026 - 22:16 nvd
Patch available
CVE Published
Mar 26, 2026 - 22:11 nvd
MEDIUM 6.5

DescriptionGitHub Advisory

Summary

Ella Core panics when processing a specially crafted NGAP LocationReport message.

Impact

An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers.

Fix

Add guards in NGAP Location Report handler.

AnalysisAI

Ella Core suffers a null pointer dereference vulnerability in its NGAP LocationReport message handler that causes the process to panic and crash, enabling unauthenticated network-adjacent attackers to trigger denial of service affecting all connected mobile subscribers. The vulnerability (CVE-2026-33903, CVSS 6.5) stems from missing input validation guards and has a vendor-released patch available in version 1.7.0; no public exploit code or active exploitation has been identified at time of analysis.

Technical ContextAI

Ella Core (pkg:go/github.com_ellanetworks_core) is a Go-based telecom signaling platform that implements NGAP (NG Application Protocol), the control plane protocol between 5G core and radio access networks. The vulnerability is a null pointer dereference (CWE-476) occurring in the LocationReport message handler, a standard NGAP procedure used to report UE location updates. The missing guard means the handler does not validate pointer validity before dereferencing, causing an unhandled panic that crashes the entire Ella Core process. Because LocationReport is a fundamental NGAP message sent by gNodeBs (5G base stations) during normal operation, a specially crafted malformed message can reliably trigger the panic.

RemediationAI

Upgrade Ella Core to version 1.7.0 or later, which includes the null pointer guard fixes merged in commit ec77a2ad4508f8488cb356fd45b2f1efd92587f8. The patch is available immediately from the vendor GitHub releases. Until patching is completed, implement network-level mitigations by restricting NGAP message sources to trusted gNodeBs and peer 5G core entities via ingress filtering on the SCTP/N2 interface, and consider deploying a message validation proxy that sanitizes LocationReport payloads before forwarding to Ella Core. Monitor Ella Core process logs and implement alerting on unexpected panic/crash events to detect exploitation attempts.

Vendor StatusVendor

SUSE

Severity: Medium

Share

CVE-2026-33903 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy