CVE-2026-33906
Ella Core has Privilege Escalation via Database Restore by NetworkManager role
CVSS Score
7.2
EPSS Score
0.0%
EPSS Percentile
8th
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management, audit logs, debug endpoints, and operator identity configuration that the role was explicitly denied. In version 1.7.0, backup and restore permissions have been removed from the NetworkManager role.
| CWE | CWE-269 |
| Vendor | ellanetworks |
| Product | core |
| Published | Mar 27, 2026 |
| Last Updated | Mar 31, 2026 |
Stay Ahead of the Next One
Get instant alerts for ellanetworks core
Be the first to know when new high vulnerabilities affecting ellanetworks core are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
ellanetworks / core
< 1.7.0