{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33903", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T15:41:47.491Z", "datePublished": "2026-03-27T20:52:37.157Z", "dateUpdated": "2026-03-30T15:42:36.950Z"}, "containers": {"cna": {"title": "Ella Core panics when processing a crafted NGAP LocationReport message", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ellanetworks/core/security/advisories/GHSA-f2f3-9cx3-wcmf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-f2f3-9cx3-wcmf"}, {"name": "https://github.com/ellanetworks/core/commit/ec77a2ad4508f8488cb356fd45b2f1efd92587f8", "tags": ["x_refsource_MISC"], "url": "https://github.com/ellanetworks/core/commit/ec77a2ad4508f8488cb356fd45b2f1efd92587f8"}, {"name": "https://github.com/ellanetworks/core/releases/tag/v1.7.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"}], "affected": [{"vendor": "ellanetworks", "product": "core", "versions": [{"version": "< 1.7.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T20:52:37.157Z"}, "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version 1.7.0 adds guards in NGAP Location Report handler."}], "source": {"advisory": "GHSA-f2f3-9cx3-wcmf", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T15:42:19.338459Z", "id": "CVE-2026-33903", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:42:36.950Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33903", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T15:42:19.338459Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:42:32.958Z"}}], "cna": {"title": "Ella Core panics when processing a crafted NGAP LocationReport message", "source": {"advisory": "GHSA-f2f3-9cx3-wcmf", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ellanetworks", "product": "core", "versions": [{"status": "affected", "version": "< 1.7.0"}]}], "references": [{"url": "https://github.com/ellanetworks/core/security/advisories/GHSA-f2f3-9cx3-wcmf", "name": "https://github.com/ellanetworks/core/security/advisories/GHSA-f2f3-9cx3-wcmf", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ellanetworks/core/commit/ec77a2ad4508f8488cb356fd45b2f1efd92587f8", "name": "https://github.com/ellanetworks/core/commit/ec77a2ad4508f8488cb356fd45b2f1efd92587f8", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0", "name": "https://github.com/ellanetworks/core/releases/tag/v1.7.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version 1.7.0 adds guards in NGAP Location Report handler."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T20:52:37.157Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33903", "state": "PUBLISHED", "dateUpdated": "2026-03-30T15:42:36.950Z", "dateReserved": "2026-03-24T15:41:47.491Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-27T20:52:37.157Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ellanetworks:ella_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BAD1DBD-ED4B-49AB-A563-C4838F8F8979", "versionEndExcluding": "1.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version 1.7.0 adds guards in NGAP Location Report handler."}], "id": "CVE-2026-33903", "lastModified": "2026-04-20T12:29:28.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T21:17:26.477", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ellanetworks/core/commit/ec77a2ad4508f8488cb356fd45b2f1efd92587f8"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/ellanetworks/core/releases/tag/v1.7.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-f2f3-9cx3-wcmf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.7.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "core", "source": "cna", "vendor": "ellanetworks"}, "product": "core", "vendor": "ellanetworks"}], "analysis": {"en": {"generated_at": "2026-03-28T05:57:45.864879+00:00", "value": {"mitigation_remediation": ["Upgrade Ella Core to version 1.7.0 or later, which adds guard checks to the NGAP Location Report handler."], "summary": {"action": "Apply patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All releases of Ella Networks Core older than version 1.7.0 are affected. The problem resides in the core product shipped by Ella Networks and is specific to the NGAP LocationReport handler in these firmware versions.", "description_and_impact": "Ella Core, a 5G core system for private networks, contains a bug that causes the application to panic when it processes a specially crafted NGAP LocationReport message. The vulnerability is a NULL pointer dereference (CWE\u2011476) that terminates the core process, thereby interrupting all services for connected subscribers. The crash results in a service disruption without providing any means of remote code execution or data exfiltration.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The attack requires the ability to send crafted NGAP messages to the core, which typically means access to the network interface handling NGAP traffic. An attacker with network connectivity to the core or a compromised internal node could exploit this flaw, causing a denial of service for all subscribers."}}}}, "created": "2026-03-29T20:29:56.264332+00:00", "updated": "2026-03-30T07:00:15.485373+00:00", "vendors": ["ellanetworks", "ellanetworks$PRODUCT$core"]}