HIGH 7.2 Go

Ella Core has Privilege Escalation via Database Restore by NetworkManager role

GHSA-87j9-m7x6-hvw2 · CVE-2026-33906 · GO-2026-4873

Description

Summary

The NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents.

Impact

A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management, audit logs, debug endpoints, and operator identity configuration that the role was explicitly denied.

Fix

Backup and restore permissions have been removed from the NetworkManager role.
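Why restore is equivalent to Admin can be checked mechanically. The following is an added example, not Ella Core's code: it computes the permissions a role can reach beyond those it was granted, treating database restore as implying every permission because the restored file carries the user and role data. All permission names and role grants are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Perm is a hypothetical permission name (not Ella Core's real identifiers).
type Perm string

var allPerms = []Perm{"subscribers:manage", "users:manage", "audit:read", "db:backup", "db:restore"}

// implies lists permissions that let the holder obtain others. Restore swaps
// the whole database, user and role tables included, so it implies everything.
var implies = map[Perm][]Perm{"db:restore": allPerms}

// Effective returns the closure of the granted permissions under implies.
func Effective(granted []Perm) map[Perm]bool {
	eff := map[Perm]bool{}
	queue := append([]Perm(nil), granted...)
	for len(queue) > 0 {
		p := queue[0]
		queue = queue[1:]
		if !eff[p] {
			eff[p] = true
			queue = append(queue, implies[p]...)
		}
	}
	return eff
}

// Escalations lists permissions a role can reach but was never granted.
func Escalations(granted []Perm) []string {
	eff := Effective(granted)
	for _, p := range granted {
		delete(eff, p)
	}
	var out []string
	for p := range eff {
		out = append(out, string(p))
	}
	sort.Strings(out)
	return out
}

func main() {
	fmt.Println("with restore:", Escalations([]Perm{"subscribers:manage", "db:backup", "db:restore"}))
	fmt.Println("without:", Escalations([]Perm{"subscribers:manage"}))
}
```

Run as a unit test over the real role table, a non-empty result for any role other than Admin flags a grant like the one this advisory removed.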
