5G Core Service Disruption in Ella Core by Ella Networks
CVE-2026-33907

6.5MEDIUM

Key Information:

Vendor

Ellanetworks

Status
Core
Vendor
CVE Published:
27 March 2026

What is CVE-2026-33907?

Ella Core, a 5G core solution by Ella Networks, is susceptible to a vulnerability that allows an attacker to send crafted NAS messages, which can lead to a process crash. This results in a complete service disruption for all connected subscribers without requiring any form of authentication. The issue arises from the failure to properly handle Authentication Response and Authentication Failure NAS messages that lack Information Elements (IEs). This vulnerability has been addressed in version 1.7.0, which incorporates IE presence verification to enhance the handling of NAS messages.

Affected Version(s)

core < 1.7.0

References

https://github.com/ellanetworks/core/security/advisories/...
x_refsource_CONFIRM
https://github.com/ellanetworks/core/commit/52962660e3bd3...
x_refsource_MISC
https://github.com/ellanetworks/core/releases/tag/v1.7.0
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.