Is CVE-2026-33904 actively exploited?

CVE-2026-33904 has no public evidence of in-the-wild exploitation as of 2026-04-20.

What is the CVSS score for CVE-2026-33904?

CVE-2026-33904 has a CVSS score of 6.5 (MEDIUM severity). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2026-33904?

Patch guidance is available from ellanetworks security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-33904.

Which products are affected by CVE-2026-33904?

1 product: ellanetworks ella core.

CVE-2026-33904 - remediation guidance & executive summary

Description

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Version 1.7.0 adds deferred Radio cleanup in serveConn SCTP server so that every connection exit path removes the radio. Remove the stale-entry scan from SCTP Notification handling.

CVSS Metrics

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: adjacent network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-833

Metadata

Primary Vendor: ELLANETWORKS
Published: 3/27/2026
Last Modified: 4/20/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2026-33904

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary