Ella Core Panics during NAS Authentication Response/Failure with missing IEs

GHSA-55q8-2gwx-29pc · CVE-2026-33907 · GO-2026-4872

Published Mar 26, 2026 · Modified Apr 2, 2026

Description

Summary

Ella Core panics when processing Authentication Response and Authentication Failure NAS message missing IEs.

Impact

An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.

Fix

Added IE presence verification to NAS message handling.

References

WEB https://github.com/ellanetworks/core/security/advisories/GHSA-55q8-2gwx-29pc
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-33907
WEB https://github.com/ellanetworks/core/commit/52962660e3bd3e23c7e96b0da270ac1e0e705273
PACKAGE https://github.com/ellanetworks/core
WEB https://github.com/ellanetworks/core/releases/tag/v1.7.0

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes