CVE-2026-31271
CRITICALCVSS 9.8/10EPSS 0.55%
Last modified
This CVE is reserved or awaiting analysis. Details will appear once published by NVD.
Description
megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert endpoint. This leads to complete system compromise.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status
- Awaiting Analysis
Are you affected by CVE-2026-31271?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST