Platform: go
Component: github.com/ellanetworks/core
Fixed in: 1.7.1, 1.7.0
CVE-2026-33906 describes a Privilege Escalation vulnerability discovered in Ella Core. This flaw allows attackers to potentially escalate their privileges through manipulation of the Database Restore process, particularly targeting the NetworkManager role. The vulnerability impacts versions prior to 1.7.0, and a patch has been released to address the issue.
Successful exploitation of CVE-2026-33906 could allow an attacker to gain unauthorized access and control over the Ella Core system. By manipulating the Database Restore process, an attacker with limited initial privileges could elevate their access to a higher level, potentially compromising sensitive data or disrupting system operations. The scope of impact depends on the privileges associated with the NetworkManager role and the overall system architecture, but could include full system compromise if not properly contained. This vulnerability highlights the importance of secure database management practices and robust access controls within Ella Core deployments.
CVE-2026-33906 was publicly disclosed on 2026-04-02. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
Exploit status
EPSS: 0.04% (11th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-33906 is to upgrade Ella Core to version 1.7.0 or later, which includes the necessary fix. If immediate upgrading is not possible, consider restricting access to the Database Restore functionality to authorized personnel only. Implement strict input validation and sanitization on all data used in the restore process to prevent malicious manipulation. Regularly review and audit database access logs for any suspicious activity. While a WAF or proxy cannot directly address this vulnerability, they can be configured to monitor for unusual database restore requests and potentially block them.
Upgrade Ella Core to version 1.7.0 or later. This version fixes the privilege escalation vulnerability by removing the backup and restore permissions from the NetworkManager role.
CVE-2026-33906 is a HIGH severity vulnerability in Ella Core versions before 1.7.0. It allows an attacker with NetworkManager role access to escalate privileges via database restore, potentially gaining control of the system.
You are affected if you are running Ella Core versions prior to 1.7.0 and have not implemented compensating controls to restrict database restore access.
Upgrade Ella Core to version 1.7.0 or later. If immediate upgrade is not possible, restrict access to the database restore functionality and implement strict role-based access controls.
There are currently no public reports of active exploitation campaigns for CVE-2026-33906, but the vulnerability's nature suggests potential for exploitation.
Refer to the Ella Networks security advisories page for the latest information and official advisory regarding CVE-2026-33906.