CVE-2026-33906
HIGHElla Core has Privilege Escalation via Database Restore by NetworkManager role
Title source: cnaDescription
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management, audit logs, debug endpoints, and operator identity configuration that the role was explicitly denied. In version 1.7.0, backup and restore permissions have been removed from the NetworkManager role.
References (3)
Core 3
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/ellanetworks/core/security/advisories/GHSA-87j9-m7x6-hvw2
X_Refsource_Misc x_refsource_misc
https://github.com/ellanetworks/core/commit/1e4768288a6519fcb63ec83f851584ecebb8a972
X_Refsource_Misc x_refsource_misc
https://github.com/ellanetworks/core/releases/tag/v1.7.0
Scores
CVSS v3
7.2
EPSS
0.0039
EPSS Percentile
30.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (3)
ellanetworks/core
0 - 1.7.0Go
ellanetworks/core
< 1.7.0
ellanetworks/ella_core
< 1.7.0
Published
Mar 27, 2026
Tracked Since
Mar 29, 2026