CVE-2026-4222 - Vulnerability Details

Description

A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-03-16

Score: 5.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A vulnerability has been identified in SSCMS versions up to 7.4.0 that allows manipulation of the argument path in the PathUtils.RemoveParentPath function located in /api/admin/plugins/install/actions/download. This manipulation enables path traversal, opening the possibility for remote attackers to read arbitrary files on the server. The weakness corresponds to CWE-22. The most immediate consequence is potential unauthorized disclosure of sensitive information or system configuration files, which could be leveraged by a skilled attacker to further compromise the system.

Affected Systems

Affected vendors include SSCMS (product name: SSCMS). The vulnerability impacts all releases up to and including version 7.4.0. The Common Platform Enumeration for this product is cpe:2.3:a:sscms:sscms:*:*:*:*:*:*:*.*.

Risk and Exploitability

The CVSS score is 5.1, indicating a moderate level of severity. EPSS is reported to be less than 1%, meaning the public exploitation probability is currently low. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Remote exploitation is feasible via the exposed HTTP endpoint, and the exploit has been publicly disclosed. However, the likelihood of a coordinated attack remains low due to the low EPSS and lack of active vendor response.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

SSCMS

affected

Version	Status	Constraints
`7.0`	affected	—
`7.1`	affected	—
`7.2`	affected	—
`7.3`	affected	—
`7.4.0`	affected	—

No data.

Vendor Product Confidence Versions

Sscms

95%

Version	Status	Scheme	Platform
`7.0`	affected	generic	—
`7.1`	affected	generic	—
`7.2`	affected	generic	—
`7.3`	affected	generic	—
`7.4.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to the latest SSCMS release that removes the PathUtils.RemoveParentPath vulnerability (if available).
If an update is not immediately feasible, limit access to the /api/admin/plugins/install/actions/download endpoint to trusted administrators only, using network or application‑level access controls.
Continuously monitor application logs for unexpected requests to the vulnerable endpoint and investigate any anomalous activity.
Regularly check the vendor’s website, community forums, or security advisories for updates, unofficial patches, or additional mitigation guidance.

Generated by OpenCVE AI on March 17, 2026 at 11:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00079.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://vuldb.com/?ctiid.351146
https://vuldb.com/?id.351146
https://vuldb.com/?submit.770536
https://www.yuque.com/la12138/pa2fpb/mbcvbk402bx1qbft?singleDoc

History

Mon, 16 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Mar 2026 07:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title		SSCMS download PathUtils.RemoveParentPath path traversal
First Time appeared		Sscms Sscms sscms
Weaknesses		CWE-22
CPEs		cpe:2.3:a:sscms:sscms::::::::
Vendors & Products		Sscms Sscms sscms
References		https://vuldb.com/?ctiid.351146 https://vuldb.com/?id.351146 https://vuldb.com/?submit.770536 https://www.yuque.com/la12138/pa2fpb/mbcvbk402bx1qbft?singleDoc
Metrics		cvssV2_0 `{'score': 4.7, 'vector': 'AV:N/AC:L/Au:M/C:N/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 3.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 3.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Sscms Sscms

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-16T06:32:22.384Z

Updated: 2026-03-16T15:17:18.071Z

Reserved: 2026-03-15T16:33:32.364Z

Link: CVE-2026-4222

Vulnrichment

Updated: 2026-03-16T15:17:14.541Z

NVD

Status : Awaiting Analysis

Published: 2026-03-16T14:20:14.650

Modified: 2026-03-16T14:53:07.390

Link: CVE-2026-4222

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:45:42Z

Weaknesses

CWE-22

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object