Is Java affected by EUVD-2026-19765?

CVE-2026-31271 is a critical unauthenticated account creation vulnerability in megagao production_ssm v1.0 that allows attackers to create super administrator accounts without credentials, granting complete system compromise.

EUVD-2026-19765

| CVE-2026-31271 CRITICAL

2026-04-07 mitre

GHSA-q8pq-mm5c-rq9h

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 07, 2026 - 18:00 vuln.today

EUVD ID Assigned

Apr 07, 2026 - 18:00 euvd

EUVD-2026-19765

CVE Published

Apr 07, 2026 - 00:00 nvd

CRITICAL 9.8

Description

megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert endpoint. This leads to complete system compromise.

Analysis

Unauthenticated account creation bypass in megagao production_ssm v1.0 allows remote attackers to create super administrator accounts via direct API access to /user/insert endpoint. The UserController.java insert() method processes account creation requests without authentication enforcement (CVSS vector PR:N confirms unauthenticated access). …

Remediation

Within 24 hours: Identify all systems running megagao production_ssm v1.0 and isolate them from production networks or immediately decommission if not business-critical. Within 7 days: Contact megagao for patch status and timeline; implement network-based access controls restricting /user/insert endpoint to authorized IP ranges only as interim mitigation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +49

POC: 0

EUVD-2026-19765 vulnerability details – vuln.today

Back

EUVD-2026-19765

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-19765

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code