{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34762", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T19:17:10.225Z", "datePublished": "2026-04-02T19:03:54.247Z", "dateUpdated": "2026-04-02T19:03:54.247Z"}, "containers": {"cna": {"title": "Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/ellanetworks/core/security/advisories/GHSA-xw45-cc32-442f", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-xw45-cc32-442f"}, {"name": "https://github.com/ellanetworks/core/releases/tag/v1.8.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/ellanetworks/core/releases/tag/v1.8.0"}], "affected": [{"vendor": "ellanetworks", "product": "core", "versions": [{"version": "< 1.8.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T19:03:54.247Z"}, "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber IMSI. This issue has been patched in version 1.8.0."}], "source": {"advisory": "GHSA-xw45-cc32-442f", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber IMSI. This issue has been patched in version 1.8.0."}], "id": "CVE-2026-34762", "lastModified": "2026-04-02T20:16:25.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T20:16:25.947", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ellanetworks/core/releases/tag/v1.8.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/ellanetworks/core/security/advisories/GHSA-xw45-cc32-442f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.8.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "core", "source": "cna", "vendor": "ellanetworks"}, "product": "core", "vendor": "ellanetworks"}], "analysis": {"en": {"generated_at": "2026-04-02T22:20:28.334055+00:00", "value": {"mitigation_remediation": ["Upgrade Ella Core to version 1.8.0 or later."], "summary": {"action": "Patch", "impact": "Audit Log Manipulation"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in Ella Networks Core, a 5G core stack for private networks. Any deployment running a version earlier than 1.8.0 is affected. The specific API endpoint is PUT /api/v1/subscriber/{imsi}.", "description_and_impact": "Ella Core\u2019s UpdateSubscriber API allows a NetworkManager who is already authenticated to change any subscriber\u2019s policy by providing a mismatched IMSI in the URL and the request body. The system does not verify that the two IMSIs match, so the resulting audit trail records a fabricated or unrelated subscriber IMSI while the policy change is still applied. This flaw permits a privileged user to alter the behavior of any subscriber without proper audit visibility, undermining accountability and potentially enabling subsequent malicious actions within the network.", "risk_and_exploitability": "The Common Vulnerability Scoring System lists a CVSS score of 2.7, indicating low overall severity. The Exploit Prediction Scoring System data is not available, and the vulnerability is not part of CISA\u2019s Known Exploited Vulnerabilities catalog. Exploitation requires authenticated access with NetworkManager privileges and the ability to issue an HTTP PUT request to the subscriber API. Because the attacker can modify policies while the audit log misattributes the changes, the risk lies primarily in audit log integrity and potential misuse of privileged actions rather than in indirect code execution or denial of service."}}}}, "created": "2026-04-03T07:31:32.165184+00:00", "updated": "2026-04-03T09:16:28.308217+00:00", "vendors": ["ellanetworks", "ellanetworks$PRODUCT$core"]}