CVE-2026-33906
Status: Received - Intake
Insecure Restore Endpoint in Ella Core 5G Enables Privilege Escalation

Publication date: 2026-03-27

Last updated on: 2026-04-20

Assigner: GitHub, Inc.

Description
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management, audit logs, debug endpoints, and operator identity configuration that the role was explicitly denied. In version 1.7.0, backup and restore permissions have been removed from the NetworkManager role.
Meta Information
Published: 2026-03-27
Last Modified: 2026-04-20
Generated: 2026-05-07
AI Q&A: 2026-03-28
EPSS Evaluated: 2026-05-05
Source: NVD
Affected Vendors & Products
Vendor: ellanetworks
Product: ella_core
Version / Range: up to 1.7.0 (excluding)
CWE
CWE-269: The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-33906 is a high-severity privilege escalation vulnerability in the Ella Core 5G private network software versions prior to 1.7.0. The vulnerability exists because the NetworkManager role was granted backup and restore permissions, and the restore endpoint accepted any valid SQLite database file without verifying its contents.

This flaw allowed a user with NetworkManager privileges to replace the production database with a maliciously crafted SQLite file, thereby escalating their privileges to Admin. This unauthorized access gave them control over sensitive functions such as user management, audit logs, debug endpoints, and operator identity configuration, which were explicitly denied to the NetworkManager role.

The issue was fixed in version 1.7.0 by removing backup and restore permissions from the NetworkManager role, eliminating the attack vector.
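The description and the explanation above both come down to two controls: which roles may call restore, and how little a "valid SQLite file" check actually proves. The following is an added example written for this page, not Ella Core's own code; the role names and the permission sets before and after 1.7.0 follow the advisory, while the policy structure, function names and the constructed upload are assumptions.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Hypothetical role/permission model (not Ella Core's own code); names follow the advisory.
type Role string
type Policy map[Role]map[string]bool

// PolicyBefore170: NetworkManager still holds backup and restore.
var PolicyBefore170 = Policy{
	"Admin":          {"backup": true, "restore": true, "user_management": true},
	"NetworkManager": {"backup": true, "restore": true},
}

// Policy170: the 1.7.0 fix drops backup and restore from NetworkManager.
var Policy170 = Policy{
	"Admin":          {"backup": true, "restore": true, "user_management": true},
	"NetworkManager": {},
}

func (p Policy) Allows(r Role, action string) bool { return p[r][action] }

// IsValidSQLite is the kind of check the advisory describes: the 16-byte magic proves
// the upload is a well-formed SQLite 3 file, not that its contents are trustworthy.
func IsValidSQLite(data []byte) bool {
	return bytes.HasPrefix(data, []byte("SQLite format 3\x00"))
}

// Restore gates the endpoint on authorization first, then on file format;
// the production database swap itself is omitted.
func Restore(p Policy, caller Role, upload []byte) error {
	if !p.Allows(caller, "restore") {
		return errors.New("restore: role not permitted")
	}
	if !IsValidSQLite(upload) {
		return errors.New("restore: not a SQLite database")
	}
	return nil
}

func main() {
	// Constructed upload: a valid SQLite header plus zero padding; it passes the format check either way.
	tampered := append([]byte("SQLite format 3\x00"), make([]byte, 84)...)
	fmt.Println(Restore(PolicyBefore170, "NetworkManager", tampered)) // <nil>
	fmt.Println(Restore(Policy170, "NetworkManager", tampered))       // restore: role not permitted
}
```

The point of the constructed upload is that a tampered database is still a valid SQLite file, so the format check alone never stops the escalation; only the role policy does.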

How can this vulnerability impact me?

This vulnerability can have severe impacts if exploited. An attacker with NetworkManager role access can escalate to full administrative privileges, gaining unauthorized access to sensitive data and critical system functions.

  • Access to user management capabilities, allowing modification or deletion of user accounts.
  • Access to audit logs, potentially enabling tampering or deletion of security-relevant records.
  • Access to debug endpoints and operator identity configuration, which could be used to further compromise the system.
  • Potential disruption of service due to the ability to modify or replace the production database.

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade the Ella Core software to version 1.7.0 or later.

Version 1.7.0 removes backup and restore permissions from the NetworkManager role, eliminating the attack vector that allowed privilege escalation.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows a NetworkManager role user to escalate privileges to Admin by replacing the production database with a tampered SQLite file, gaining access to sensitive data such as user management, audit logs, and operator identity configuration.

Such unauthorized access and privilege escalation can lead to violations of compliance requirements in standards like GDPR and HIPAA, which mandate strict controls over access to personal data, audit logs, and system configurations to protect confidentiality, integrity, and availability.

Specifically, the high confidentiality, integrity, and availability impacts indicated by the CVSS score highlight risks of data breaches, unauthorized data modification, and service disruption, all of which can result in non-compliance with these regulations.