
SSCMS CVE-2026-4222

EUVD-2026-12359 · LOW
Path Traversal (CWE-22)
2026-03-16 · VulDB
CVSS 4.0 score 2.0 (NVD)

Severity by source

NVD (primary): 2.0 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: X

Lifecycle Timeline (8 events)

  • Apr 29, 2026 01:11 · NVD · Severity changed: MEDIUM → LOW
  • Apr 29, 2026 01:11 · NVD · CVSS changed: 5.1 (MEDIUM) → 2.0 (LOW)
  • Apr 22, 2026 21:37 · NVD · Severity changed: LOW → MEDIUM
  • Apr 22, 2026 21:37 · NVD · CVSS changed: 3.8 (LOW) → 5.1 (MEDIUM)
  • Mar 16, 2026 14:53 · vuln.today · PoC detected: public exploit code
  • Mar 16, 2026 07:00 · euvd · EUVD ID assigned: EUVD-2026-12359
  • Mar 16, 2026 07:00 · vuln.today · Analysis generated
  • Mar 16, 2026 06:32 · nvd · CVE published: LOW 3.8

Description (CVE.org)

A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

A path traversal vulnerability exists in SSCMS versions up to 7.4.0 within the PathUtils.RemoveParentPath function of the plugin download API endpoint (/api/admin/plugins/install/actions/download). An authenticated administrator with high privileges can manipulate the path argument to traverse the file system and access or modify files outside the intended directory, potentially leading to information disclosure or system compromise. …


Vulnerability Assessment (AI)

Risk Assessment: The CVSS v3.1 score of 3.8 reflects a low severity rating driven by multiple mitigating factors: the attack requires high privileges (PR:H, meaning authenticated admin access), has low attack complexity (AC:L), and impacts only integrity and availability without confidentiality impact (C:N/I:L/A:L). …

Exploit Scenario: An attacker who has obtained or been granted administrative credentials (either through social engineering, credential stuffing, or insider threat) logs into the SSCMS admin panel and navigates to the plugin installation feature. Instead of downloading a legitimate plugin, they craft a malicious request to /api/admin/plugins/install/actions/download with a path parameter containing traversal sequences such as ../../../../../../etc/passwd (on Linux) or ..\..\..\windows\win.ini (on Windows), exploiting the inadequate validation in PathUtils.RemoveParentPath to read sensitive configuration files or other sensitive data from the server. …

Remediation: Immediately upgrade SSCMS to version 7.5.0 or later if available from the vendor or community maintainers; however, given the vendor's unresponsive disclosure history, verify that patches are available before assuming an upgrade path exists. …
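The containment check a plugin-download handler needs, as an added example that is not SSCMS's code (the source of PathUtils.RemoveParentPath is not on this page): an illustrative "strip ../" sanitizer of the kind that nested traversal sequences defeat, beside a canonicalize-then-verify check that resolves the client-supplied path under the plugin directory and rejects anything that lands outside it. The plugin directory and the sample inputs are constructed for the example.

```python
import posixpath
from typing import Optional

# Assumed plugin directory for the example; SSCMS's real layout is not on this page.
PLUGIN_DIR = "/var/www/sscms/plugins"


def naive_remove_parent_path(path: str) -> str:
    """Illustrative stand-in for a 'strip ../' sanitizer (not SSCMS's implementation).

    A single non-recursive replace is defeated by nested sequences such as
    '....//', which collapse back into '../' once the inner '../' is removed.
    """
    return path.replace("../", "").replace("..\\", "")


def safe_join(base: str, user_path: str) -> Optional[str]:
    """Resolve user_path under base; return the resolved path, or None if it escapes.

    Run this after any URL-decoding so encoded dots and slashes cannot slip past.
    """
    # Treat backslashes as separators so '..\\..\\' is handled like '../../'.
    candidate = user_path.replace("\\", "/")
    # Absolute paths and drive-letter paths must never be accepted from a client.
    if candidate.startswith("/") or (len(candidate) > 1 and candidate[1] == ":"):
        return None
    base_norm = posixpath.normpath(base)
    # normpath collapses every '.' and '..' component, so the result is canonical.
    resolved = posixpath.normpath(posixpath.join(base_norm, candidate))
    # Compare against base + '/' so a sibling such as '/plugins-evil' is rejected.
    if resolved != base_norm and not resolved.startswith(base_norm + "/"):
        return None
    return resolved


if __name__ == "__main__":
    # Constructed sample inputs, including the traversal strings quoted in the scenario.
    samples = [
        "my-plugin/plugin.zip",
        "../../../../../../etc/passwd",
        "..\\..\\..\\windows\\win.ini",
        "....//....//etc/passwd",
    ]
    for sample in samples:
        naive = naive_remove_parent_path(sample)
        print(f"{sample!r:34} naive={naive!r:26} safe={safe_join(PLUGIN_DIR, sample)!r}")
```

Note that the nested "....//" input is accepted by safe_join as a literal directory name under the plugin root, while the naive sanitizer turns it into "../../etc/passwd", which then escapes.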

Recommended Action (AI)

During next maintenance window: Apply vendor patches when convenient. …


CVE-2026-4222 vulnerability details – vuln.today
