{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33281", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-18T18:55:47.425Z", "datePublished": "2026-03-23T23:46:12.797Z", "dateUpdated": "2026-03-24T13:32:41.782Z"}, "containers": {"cna": {"title": "Ella Core panics on invalid PDU Session IDs in NGAP messages", "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "lang": "en", "description": "CWE-129: Improper Validation of Array Index", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ellanetworks/core/security/advisories/GHSA-q669-4gmv-g8mf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-q669-4gmv-g8mf"}], "affected": [{"vendor": "ellanetworks", "product": "core", "versions": [{"version": "< 1.6.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-23T23:46:12.797Z"}, "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added PDU Session ID validations during NGAP message handling."}], "source": {"advisory": "GHSA-q669-4gmv-g8mf", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T13:32:12.303642Z", "id": "CVE-2026-33281", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:32:41.782Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33281", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T13:32:12.303642Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:32:17.648Z"}}], "cna": {"title": "Ella Core panics on invalid PDU Session IDs in NGAP messages", "source": {"advisory": "GHSA-q669-4gmv-g8mf", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ellanetworks", "product": "core", "versions": [{"status": "affected", "version": "< 1.6.0"}]}], "references": [{"url": "https://github.com/ellanetworks/core/security/advisories/GHSA-q669-4gmv-g8mf", "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-q669-4gmv-g8mf", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added PDU Session ID validations during NGAP message handling."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129: Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-23T23:46:12.797Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33281", "state": "PUBLISHED", "dateUpdated": "2026-03-24T13:32:41.782Z", "dateReserved": "2026-03-18T18:55:47.425Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-23T23:46:12.797Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ellanetworks:ella_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A60BFD6-666C-4509-BE38-04CBFF557242", "versionEndExcluding": "1.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added PDU Session ID validations during NGAP message handling."}, {"lang": "es", "value": "Ella Core es un n\u00facleo 5G dise\u00f1ado para redes privadas. Las versiones anteriores a la 1.6.0 entran en p\u00e1nico al procesar mensajes NGAP con ID de sesi\u00f3n PDU inv\u00e1lidos fuera de 1-15. Un atacante capaz de enviar mensajes NGAP manipulados a Ella Core puede provocar la ca\u00edda del proceso, causando una interrupci\u00f3n del servicio para todos los suscriptores conectados. No se requiere autenticaci\u00f3n. La versi\u00f3n 1.6.0 a\u00f1adi\u00f3 validaciones de ID de sesi\u00f3n PDU durante el manejo de mensajes NGAP."}], "id": "CVE-2026-33281", "lastModified": "2026-03-24T19:36:10.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-24T00:16:30.200", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-q669-4gmv-g8mf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.6.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "core", "source": "cna", "vendor": "ellanetworks"}, "product": "core", "vendor": "ellanetworks"}], "analysis": {"en": {"generated_at": "2026-03-24T20:54:17.751319+00:00", "value": {"mitigation_remediation": ["Upgrade Ellanetworks Ella Core to version\u202f1.6.0 or later, which includes the necessary PDU Session ID validation.", "If an immediate upgrade is not possible, limit access to the NGAP interface so that only trusted or authenticated sources can send traffic, and consider filtering or blocking packets that contain invalid PDU Session IDs.", "Monitor system logs for unexpected service restarts or crashes, and maintain regular security reviews and patch management practices to ensure the core remains up to date."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service via crash"}, "threat_synthesis": {"affected_systems": "All installations of Ellanetworks Ella Core running any version older than 1.6.0 are affected. The problem is specific to the handling of NGAP protocol messages within the core stack; newer releases add validation to prevent the crash.", "description_and_impact": "Ella Core, a 5G core platform designed for private networks, has a flaw in older releases that causes the service to panic when processing NGAP messages containing PDU Session IDs outside the valid range of 1\u201115. The panic conditions result in a process crash and the abrupt termination of the core, which disrupts services for all subscribers in the network. This weakness is an integer range error (CWE\u2011129) and does not depend on any privileged access to the system.", "risk_and_exploitability": "The CVSS base score of 6.5 indicates a moderate severity for this denial\u2011of\u2011service vulnerability. EPSS suggests that exploitation is uncommon, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires only the ability to transmit crafted NGAP packets to the core; no authentication is necessary. The likely attack vector is remote control of the NGAP interface, where an adversary can inject malformed traffic without additional prerequisites. Because the vulnerability is triggered by any out\u2011of\u2011range PDU Session ID, an attacker could trigger the crash simply by sending such packets over the network."}}}}, "created": "2026-03-24T10:29:45.192115+00:00", "updated": "2026-03-25T21:27:52.060201+00:00", "vendors": ["ellanetworks", "ellanetworks$PRODUCT$core"]}