CVE-2026-34762

Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's polic...

CVE-2026-34762

Ella Core’s vulnerability (CVE-2026-34762) affects versions prior to 1.8.0. The PUT /api/v1/subscriber/{imsi} endpoint accepts an IMSI in both the URL path and the JSON body without verifying they match, enabling an authenticated NetworkManager to modify any subscriber’s QoS policy while the audi...

Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber

Summary The PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber...

PT-2026-29709

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.8.0 Description The PUT /api/v1/subscriber/imsi API endpoint accepts an IMSI identifier from both the URL path and the JSON request body without verifying they match. This allows an authenticated NetworkManager to...