Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Ella Core Crashes When Processing Malformed Location Report
GHSA-826q-wrq4-p23x
CVE-2026-33282
GO-2026-4780
Summary
A specially crafted message to Ella Core can cause it to crash, disrupting services for all connected users. This can happen without any login or authentication. To fix this, the developers have made changes to how Ella Core handles these messages.
What to do
- Update github.com ellanetworks to version 1.6.0.
- Update ellanetworks github.com/ellanetworks/core to version 1.6.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| github.com | ellanetworks | <= 1.6.0 | 1.6.0 |
| ellanetworks | github.com/ellanetworks/core | <= 1.6.0 | 1.6.0 |
Original title
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and om...
Original description
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling.
ghsa CVSS3.1
7.5
Vulnerability type
CWE-476
NULL Pointer Dereference
Published: 24 Mar 2026 · Updated: 24 Mar 2026 · First seen: 19 Mar 2026