CVE-2026-31271

CVSS Score & Metrics

Base Score

9.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert endpoint. This leads to complete system compromise.

Vulnerability Details

Published Date

April 07, 2026

Last Modified

April 09, 2026

CWE ID

CWE-288

Source

NVD

External References

https://github.com/clockw1se0v0/Vul/blob/main/production_ssm/Unauthorized.md

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment