PT-2026-28564 · Ella Core · Ella Core
Published: 2026-03-26 · Updated: 2026-04-07 · CVE-2026-33906
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ella Core versions prior to 1.7.0
Description
Ella Core is a 5G core designed for private networks. The NetworkManager role had backup and restore permissions. The restore endpoint accepted any valid SQLite file without content verification. This allowed a NetworkManager to replace the production database with a modified copy, escalating privileges to Admin. This granted access to user management, audit logs, debug endpoints, and operator identity configuration, which the role was explicitly denied. The affected endpoint is /restore. The vulnerable parameter is the SQLite file provided to the /restore endpoint.
Recommendations
Update to version 1.7.0 or later.
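One way a restore endpoint can verify backup content before accepting it, shown as an added example: this is not Ella Core's code and not necessarily how 1.7.0 addresses the issue. The helpers `SealBackup` and `OpenBackup`, the server-held key, and the sample bytes are hypothetical and constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// sqliteMagic is the 16-byte header that every SQLite 3 database file starts with.
var sqliteMagic = []byte("SQLite format 3\x00")
var (
	ErrBadTag    = errors.New("restore: backup not produced by this server, or modified")
	ErrNotSQLite = errors.New("restore: payload is not a SQLite database")
)

// SealBackup (hypothetical) returns db followed by an HMAC-SHA256 tag made with a server-held key.
func SealBackup(key, db []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(db)
	return mac.Sum(append([]byte{}, db...))
}

// OpenBackup (hypothetical) rejects uploads whose tag does not verify, then checks the file type.
func OpenBackup(key, sealed []byte) ([]byte, error) {
	if len(sealed) < sha256.Size {
		return nil, ErrBadTag
	}
	db, tag := sealed[:len(sealed)-sha256.Size], sealed[len(sealed)-sha256.Size:]
	mac := hmac.New(sha256.New, key)
	mac.Write(db)
	if !hmac.Equal(mac.Sum(nil), tag) { // constant-time comparison
		return nil, ErrBadTag
	}
	if !bytes.HasPrefix(db, sqliteMagic) {
		return nil, ErrNotSQLite
	}
	return db, nil
}

func main() {
	key := []byte("constructed-demo-key") // constructed; a real key never leaves the server
	db := append([]byte("SQLite format 3\x00"), "constructed stand-in for database pages"...)
	_, err := OpenBackup(key, SealBackup(key, db))
	fmt.Println("server-made backup:", err)
	_, err = OpenBackup(key, db) // a valid SQLite file that carries no server tag
	fmt.Println("file without a valid tag:", err)
}
```

A valid tag only shows that the server produced the file and that it was not changed afterwards; which roles may call the restore endpoint remains a separate authorization decision.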
Exploit
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Ella Core