Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Ella Core Crashes on Malformed NAS Messages
GHSA-3366-gw57-fcm5
CVE-2026-33283
GO-2026-4776
Summary
Ella Core is vulnerable to a crash when receiving specially crafted NAS messages. This can cause service disruption for all connected subscribers. To fix, software updates that add a security check for malformed NAS messages are required.
What to do
- Update github.com ellanetworks to version 1.6.0.
- Update ellanetworks github.com/ellanetworks/core to version 1.6.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| github.com | ellanetworks | <= 1.6.0 | 1.6.0 |
| ellanetworks | github.com/ellanetworks/core | <= 1.6.0 | 1.6.0 |
Original title
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted ...
Original description
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 adds a guard when receiving an UL NAS Message without a Request Type given no SM Context.
ghsa CVSS3.1
6.5
Vulnerability type
CWE-476
NULL Pointer Dereference
Published: 24 Mar 2026 · Updated: 24 Mar 2026 · First seen: 19 Mar 2026