CVE-2026-33281

Published: Mar 24, 2026 Last Modified: Mar 24, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added PDU Session ID validations during NGAP message handling.

129

Improper Validation of Array Index

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Availability Confidentiality

Potential Impacts:

Dos: Crash, Exit, Or Restart Modify Memory Read Memory Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: C, C++, Not Language-Specific

Likelihood of Exploit: High

View CWE Details

https://github.com/ellanetworks/core/security/advisories/GH…

https://github.com/ellanetworks/core/security/advisories/GHSA-q669-4gmv-g8mf

CVE-2026-33281

Description

Improper Validation of Array Index

Common Consequences

Applicable Platforms

Iscriviti alla newsletter