CVE-2026-33906
Received Received - Intake
Insecure Restore Endpoint in Ella Core 5G Enables Privilege Escalation

Publication date: 2026-03-27

Last updated on: 2026-04-20

Assigner: GitHub, Inc.

Description
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management, audit logs, debug endpoints, and operator identity configuration that the role was explicitly denied. In version 1.7.0, backup and restore permissions have been removed from the NetworkManager role.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-27
Last Modified
2026-04-20
Generated
2026-06-16
AI Q&A
2026-03-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33906
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ellanetworks ella_core to 1.7.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-33906 is a high-severity privilege escalation vulnerability in the Ella Core 5G private network software versions prior to 1.7.0. The vulnerability exists because the NetworkManager role was granted backup and restore permissions, and the restore endpoint accepted any valid SQLite database file without verifying its contents.

This flaw allowed a user with NetworkManager privileges to replace the production database with a maliciously crafted SQLite file, thereby escalating their privileges to Admin. This unauthorized access gave them control over sensitive functions such as user management, audit logs, debug endpoints, and operator identity configuration, which were explicitly denied to the NetworkManager role.

The issue was fixed in version 1.7.0 by removing backup and restore permissions from the NetworkManager role, eliminating the attack vector.

Impact Analysis

This vulnerability can have severe impacts if exploited. An attacker with NetworkManager role access can escalate to full administrative privileges, gaining unauthorized access to sensitive data and critical system functions.

  • Access to user management capabilities, allowing modification or deletion of user accounts.
  • Access to audit logs, potentially enabling tampering or deletion of security-relevant records.
  • Access to debug endpoints and operator identity configuration, which could be used to further compromise the system.
  • Potential disruption of service due to the ability to modify or replace the production database.
Mitigation Strategies

To mitigate this vulnerability, upgrade the Ella Core software to version 1.7.0 or later.

Version 1.7.0 removes backup and restore permissions from the NetworkManager role, eliminating the attack vector that allowed privilege escalation.

Compliance Impact

This vulnerability allows a NetworkManager role user to escalate privileges to Admin by replacing the production database with a tampered SQLite file, gaining access to sensitive data such as user management, audit logs, and operator identity configuration.

Such unauthorized access and privilege escalation can lead to violations of compliance requirements in standards like GDPR and HIPAA, which mandate strict controls over access to personal data, audit logs, and system configurations to protect confidentiality, integrity, and availability.

Specifically, the high confidentiality, integrity, and availability impacts indicated by the CVSS score highlight risks of data breaches, unauthorized data modification, and service disruption, all of which can result in non-compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33906. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart