CVE-2026-34762
Ella Core’s vulnerability (CVE-2026-34762) affects versions prior to 1.8.0. The PUT /api/v1/subscriber/{imsi} endpoint accepts an IMSI in both the URL path and the JSON body without verifying they match, enabling an authenticated NetworkManager to modify any subscriber’s QoS policy while the audi...