CVE-2026-31271

Published: Apr 7, 2026

Modified: Apr 9, 2026

PUBLISHED

Description

megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert endpoint. This leads to complete system compromise.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/clockw1se0v0/Vul/blob/main/production_ssm/Unauthorized.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-31271

Description

Affected Products

References