VDB
CVE-2026-33906
CVE-2026-33906
PUBLISHED
CVSS 7.199999809265137 HIGH
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management, audit logs, debug endpoints, and operator identity configuration that the role was explicitly denied. In version 1.7.0, backup and restore permissions have been removed from the NetworkManager role.
EPSS 0.02% · 5.5th percentile
Risk Scores
CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.02%
5.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ellanetworks | ella_core | 0 |
| ellanetworks | core | < 1.7.0, < 1.7.0, * |
| github.com | ellanetworks/core | 0, 0, 0 |
Exploit Intelligence
- CIRCL seen: CVE-2026-33906 (circl-sighting)
- CIRCL seen: CVE-2026-33906 (circl-sighting)
- https://github.com/ellanetworks/core/security/advisories/GHSA-87j9-m7x6-hvw2 (circl)
- https://github.com/ellanetworks/core/commit/1e4768288a6519fcb63ec83f851584ecebb8a972 (circl)
- https://github.com/ellanetworks/core/releases/tag/v1.7.0 (circl)
Timeline
- Mar 26, 2026 CVE Published
- Mar 27, 2026 CVE Updated
- Mar 27, 2026 Security Advisory
- Mar 27, 2026 PoC Published
- Mar 27, 2026 PoC Published
- Mar 28, 2026 EPSS Score
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
References
- https://github.com/ellanetworks/core/security/advisories/GHSA-87j9-m7x6-hvw2 url
- https://github.com/ellanetworks/core/commit/1e4768288a6519fcb63ec83f851584ecebb8a972 url
- https://github.com/ellanetworks/core/releases/tag/v1.7.0 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-33906 advisory
- https://github.com/ellanetworks/core package