Description
megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert endpoint. This leads to complete system compromise.
Published:
2026-04-07
Score:
n/a
EPSS:
n/a
KEV:
No
Impact:
n/a
Action:
n/a
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
No data.
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Tue, 07 Apr 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert endpoint. This leads to complete system compromise. | |
| References |
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-04-07T17:21:35.549Z
Reserved: 2026-03-09T00:00:00.000Z
Link: CVE-2026-31271
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-04-07T18:16:41.000
Modified: 2026-04-07T18:16:41.000
Link: CVE-2026-31271
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses
No weakness.