Ella Core panics on malformed NGAP Location Report
Description
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with ue-presence-in-area-of-interest event type and omitting the optional UEPresenceInAreaOfInterestList IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Ella Core prior to 1.6.0 panics on malformed NGAP LocationReport, allowing unauthenticated remote crash.
Vulnerability
Details
Ella Core, a 5G core for private networks, panics when processing a malformed NGAP LocationReport message with event type ue-presence-in-area-of-interest and omitting the optional UEPresenceInAreaOfInterestList information element. The panic occurs due to insufficient verification of mandatory IEs, leading to a nil pointer dereference or similar crash condition [1][3].
Exploitation
An attacker can exploit this by sending a crafted NGAP message to the Ella Core process. No authentication is required, and the attacker does not need prior access to the network other than the ability to send NGAP messages on the N2 interface. This makes the vulnerability remotely exploitable from within the 5G network [1][3].
Impact
Successful exploitation crashes the Ella Core process, causing a denial of service for all connected subscribers. Since the core handles all signaling, the outage affects the entire private network, disrupting communication and data services [1][3].
Mitigation
The vulnerability is fixed in Ella Core version 1.6.0, which adds proper IE presence verification to NGAP message handling. Users should upgrade to 1.6.0 or later. No workarounds are documented [1][3].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ellanetworks/coreGo | < 1.6.0 | 1.6.0 |
Affected products
2- Range: <1.6.0
- ellanetworks/corev5Range: < 1.6.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-826q-wrq4-p23xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-33282ghsaADVISORY
- github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23xghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.