CVE-2026-31271
Authorization Bypass in megagao production_ssm Allows Admin Account Creation
Publication date: 2026-04-07
Last updated on: 2026-04-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| megagao | production_ssm | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-31271 is a critical authorization bypass vulnerability in megagao production_ssm version 1.0. The issue exists in the insert() method of the UserController.java file, which handles user addition. This method lacks any authentication or authorization checks, allowing attackers to access the /user/insert endpoint without logging in.
Because of this flaw, an unauthenticated attacker can send crafted requests to create new user accounts with super administrator privileges, effectively bypassing all permission controls.
How can this vulnerability impact me? :
This vulnerability can lead to complete system compromise because attackers can create super administrator accounts without any authentication.
- Unauthorized creation of privileged accounts.
- Privilege escalation to super administrator level.
- Full control over the affected system by attackers.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the accessibility and functionality of the /user/insert endpoint without authentication. Specifically, you can attempt to send a POST request to this endpoint with user data to see if the system allows creation of new users without requiring login or credentials.
A practical approach is to intercept a normal user addition request (for example, using a tool like BurpSuite), remove all authentication headers such as cookies, and then resend the request. If the request succeeds in creating a user, the vulnerability is present.
Example command using curl to test the endpoint (replace values as appropriate):
- curl -X POST http://<target-host>/user/insert -d '{"id":"1001","username":"testadmin","password":"password123","roleId":"1","locked":"0"}' -H "Content-Type: application/json"
If this command succeeds without authentication and creates a user, it confirms the authorization bypass vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated attackers to create super administrator accounts, leading to complete system compromise and unauthorized administrative access.
Such unauthorized access and privilege escalation can result in unauthorized data access, manipulation, or disclosure, which may violate common standards and regulations like GDPR and HIPAA that require strict access controls and protection of sensitive data.
Therefore, this vulnerability undermines compliance with these regulations by failing to enforce proper authentication and authorization controls.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing proper authentication and authorization checks on the /user/insert endpoint to prevent unauthenticated access.
Specifically, add security controls such as Spring Security annotations (e.g., @PreAuthorize) to the insert() method in UserController.java to ensure only authorized users can add new users.
In the short term, restrict access to the /user/insert endpoint via network controls such as firewall rules or API gateway policies to block unauthenticated requests.
Additionally, monitor logs for any unauthorized attempts to access this endpoint and review existing user accounts for any suspicious or unauthorized super administrator accounts.