EUVD-2026-19765
GHSA-q8pq-mm5c-rq9h
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert endpoint. This leads to complete system compromise.
Analysis
Unauthenticated account creation bypass in megagao production_ssm v1.0 allows remote attackers to create super administrator accounts via direct API access to /user/insert endpoint. The UserController.java insert() method processes account creation requests without authentication enforcement (CVSS vector PR:N confirms unauthenticated access). …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running megagao production_ssm v1.0 and isolate them from production networks or immediately decommission if not business-critical. Within 7 days: Contact megagao for patch status and timeline; implement network-based access controls restricting /user/insert endpoint to authorized IP ranges only as interim mitigation. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today