Ella Core panics on malformed ULNASTransport Message without a Request Type
Description
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 adds a guard when receiving an UL NAS Message without a Request Type given no SM Context.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Ella Core 5G core prior to 1.6.0 panics on malformed UL NAS Transport messages missing a Request Type, allowing unauthenticated remote attackers to crash the process and cause service disruption.
Vulnerability
Description
Ella Core, a 5G core designed for private networks, contains a denial-of-service vulnerability in versions prior to 1.6.0. The software panics when processing a malformed UL NAS Transport NAS message that lacks a Request Type field. This occurs because the code does not validate the presence of the Request Type before attempting to handle the message, leading to a panic and process crash [1][3].
Attack
Vector and Exploitation
An attacker can exploit this vulnerability by sending a crafted NAS message over the network to the Ella Core instance. No authentication is required, and the attack can be performed remotely with low complexity. The vulnerability is triggered solely by the malformed message, without requiring any user interaction or special privileges [3].
Impact
Successful exploitation causes the Ella Core process to crash, resulting in a complete denial of service for all connected subscribers. Since the crash disrupts the core network functions, all subscriber sessions are terminated and service is unavailable until the process is restarted. There is no impact on confidentiality or integrity [1][3].
Mitigation
The vulnerability is fixed in Ella Core version 1.6.0, which adds a guard to check for the presence of a Request Type when receiving an UL NAS Message without an SM Context. Users should upgrade to version 1.6.0 or later. No workarounds are available [1][3].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ellanetworks/coreGo | < 1.6.0 | 1.6.0 |
Affected products
2- Range: <1.6.0
- ellanetworks/corev5Range: < 1.6.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-3366-gw57-fcm5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-33283ghsaADVISORY
- github.com/ellanetworks/core/security/advisories/GHSA-3366-gw57-fcm5ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.