What is CVE-2026-33907?

CVE-2026-33907 is a medium-severity vulnerability in Ellanetworks Core, classified under NULL Pointer Dereference. CVSS score: 6.5/10. Published 2026-03-27.

How severe is CVE-2026-33907?

Medium severity. CVSS v3 base score is 6.5 out of 10.

NULL pointer dereference in Ellanetworks Core

CVE-2026-33907

Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can…

EPSS: 0.001 (21.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Ellanetworks Core — versions < 1.7.0

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

https://github.com/ellanetworks/core/security/advisories/GHSA-55q8-2gwx-29pc (x_refsource_CONFIRM)
https://github.com/ellanetworks/core/commit/52962660e3bd3e23c7e96b0da270ac1e0e705273 (x_refsource_MISC)
https://github.com/ellanetworks/core/releases/tag/v1.7.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-33907?: CVE-2026-33907 is a medium-severity vulnerability in Ellanetworks Core, classified under NULL Pointer Dereference. CVSS score: 6.5/10. Published 2026-03-27.
How severe is CVE-2026-33907?: Medium severity. CVSS v3 base score is 6.5 out of 10.