What is the CVSS score of CVE-2026-31271?

CVE-2026-31271 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Java are affected by CVE-2026-31271?

CVE-2026-31271 is a critical unauthenticated account creation vulnerability in megagao production_ssm v1.0 that allows attackers to create super administrator accounts without credentials, granting…

Java CVE-2026-31271

EUVD-2026-19765 CRITICAL

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

2026-04-07 mitre

GHSA-q8pq-mm5c-rq9h

Authentication Bypass Java N A

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Apr 07, 2026 - 18:00 euvd

EUVD-2026-19765

Analysis Generated

Apr 07, 2026 - 18:00 vuln.today

CVE Published

Apr 07, 2026 - 00:00 nvd

CRITICAL 9.8

DescriptionNVD

megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert endpoint. This leads to complete system compromise.

AnalysisAI

Unauthenticated account creation bypass in megagao production_ssm v1.0 allows remote attackers to create super administrator accounts via direct API access to /user/insert endpoint. The UserController.java insert() method processes account creation requests without authentication enforcement (CVSS vector PR:N confirms unauthenticated access). …

RemediationAI

Within 24 hours: Identify all systems running megagao production_ssm v1.0 and isolate them from production networks or immediately decommission if not business-critical. Within 7 days: Contact megagao for patch status and timeline; implement network-based access controls restricting /user/insert endpoint to authorized IP ranges only as interim mitigation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-31271 vulnerability details – vuln.today

Back

Java CVE-2026-31271

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code