CVE-2026-33906: CWE-269: Improper Privilege Management in ellanetworks core
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management, audit logs, debug endpoints, and operator identity configuration that the role was explicitly denied. In version 1.7.0, backup and restore permissions have been removed from the NetworkManager role.
AI Analysis
Technical Summary
Ella Core, a 5G core for private networks, had an improper privilege management vulnerability (CWE-269) where the NetworkManager role was allowed to perform backup and restore operations. The restore endpoint accepted any valid SQLite file without verifying its contents, enabling privilege escalation to Admin by replacing the production database with a manipulated copy. This escalation grants access to administrative capabilities that the NetworkManager role should not have. The vulnerability affects versions prior to 1.7.0. In version 1.7.0, the backup and restore permissions were removed from the NetworkManager role to mitigate this issue.
Potential Impact
An attacker with NetworkManager privileges can escalate to Admin by exploiting the restore functionality to replace the production database with a tampered SQLite file. This leads to unauthorized access to user management, audit logs, debug endpoints, and operator identity configuration, compromising confidentiality, integrity, and availability of the system.
Mitigation Recommendations
Upgrade to ellanetworks core version 1.7.0 or later, where the backup and restore permissions have been removed from the NetworkManager role, eliminating the privilege escalation vector. Patch status is not explicitly confirmed by a vendor advisory, but the version update indicates an official fix. Users should apply this version to remediate the vulnerability.
CVE-2026-33906: CWE-269: Improper Privilege Management in ellanetworks core
Description
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management, audit logs, debug endpoints, and operator identity configuration that the role was explicitly denied. In version 1.7.0, backup and restore permissions have been removed from the NetworkManager role.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Ella Core, a 5G core for private networks, had an improper privilege management vulnerability (CWE-269) where the NetworkManager role was allowed to perform backup and restore operations. The restore endpoint accepted any valid SQLite file without verifying its contents, enabling privilege escalation to Admin by replacing the production database with a manipulated copy. This escalation grants access to administrative capabilities that the NetworkManager role should not have. The vulnerability affects versions prior to 1.7.0. In version 1.7.0, the backup and restore permissions were removed from the NetworkManager role to mitigate this issue.
Potential Impact
An attacker with NetworkManager privileges can escalate to Admin by exploiting the restore functionality to replace the production database with a tampered SQLite file. This leads to unauthorized access to user management, audit logs, debug endpoints, and operator identity configuration, compromising confidentiality, integrity, and availability of the system.
Mitigation Recommendations
Upgrade to ellanetworks core version 1.7.0 or later, where the backup and restore permissions have been removed from the NetworkManager role, eliminating the privilege escalation vector. Patch status is not explicitly confirmed by a vendor advisory, but the version update indicates an official fix. Users should apply this version to remediate the vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-24T15:41:47.491Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69c6f3473c064ed76ff61892
Added to database: 3/27/2026, 9:14:47 PM
Last enriched: 4/4/2026, 10:51:17 AM
Last updated: 5/11/2026, 6:03:30 AM
Views: 111
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.