CVE-2026-33283 in ellanetworks coreinfo

Summary

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 adds a guard when receiving an UL NAS Message without a Request Type given no SM Context.

Responsible

GitHub_M

Reservation

03/18/2026

Disclosure

03/24/2026

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
352610	ellanetworks core UL NAS Transport NAS Message null pointer dereference	476	Not defined	Official fix	CVE-2026-33283

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!