CVE-2026-31272
Status: Received - Intake
Access Control Bypass in MRCMS UserController Enables Privilege Escalation

Publication date: 2026-04-07

Last updated on: 2026-04-14

Assigner: MITRE

Description
MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication.
Meta Information
Published: 2026-04-07
Last Modified: 2026-04-14
Generated: 2026-06-16
AI Q&A: 2026-04-07
EPSS Evaluated: 2026-06-15
Affected Vendors & Products (1 associated CPE)
Vendor: mrcms
Product: mrcms
Version / Range: 3.1.2
CWE
CWE-284: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Executive Summary

CVE-2026-31272 is an access control vulnerability in MRCMS version 3.1.3 where the save() method in the UserController.java file does not properly validate authorization.

This flaw allows an attacker to bypass authentication and directly add super administrator accounts without any credentials.

An attacker can exploit this by intercepting and modifying HTTP POST requests to the user creation endpoint, removing authentication cookies, and specifying parameters to create a super administrator user.

Impact Analysis

This vulnerability allows unauthorized users to create super administrator accounts, leading to full website compromise.

Attackers gaining super administrator access can control the entire website, including modifying content, accessing sensitive data, and potentially deploying further attacks.

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized creation of super administrator accounts without proper authentication.

One way to detect exploitation attempts is to intercept and analyze HTTP POST requests to the endpoint `/admin/user/save.do`.

Using tools like Burp Suite, you can capture and inspect requests that attempt to add users with parameters such as `gid=1` (super administrator group), `nickname`, `name`, `pass`, `description`, and `status=1`.

  • Monitor HTTP POST requests to `/admin/user/save.do` for attempts to add users with `gid=1` without valid authentication cookies.
  • Use a web proxy tool (e.g., Burp Suite) to intercept and analyze user creation requests.
  • Check the user management interface for unexpected super administrator accounts.
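The bullets above describe the signal to look for; the following Python script is an added example (not code from this advisory or from the MRCMS project) that applies it to captured HTTP requests, such as those exported from a web proxy or a WAF log. It assumes each request is available as raw text, that MRCMS's session cookie is named `JSESSIONID` (the servlet-container default; an assumption, adjust to the deployed name), and it uses constructed sample requests rather than real traffic.

```python
"""Classify captured HTTP requests for CVE-2026-31272 exploitation attempts:
POSTs to /admin/user/save.do that create a super administrator (gid=1)
without an authenticated session. Detection-only; constructed sample data."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs

TARGET_PATH = "/admin/user/save.do"
SUPER_ADMIN_GID = "1"
SESSION_COOKIE = "JSESSIONID"  # assumption: servlet-container default cookie name


@dataclass
class Finding:
    verdict: str            # see classify() for the possible values
    path: str
    gid: Optional[str]      # value of the gid parameter, if any
    has_session: bool       # whether a non-empty session cookie was present


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str], str]:
    """Split a raw HTTP request into method, path, lower-cased headers and body."""
    head, _, body = raw.partition("\n\n")
    lines = head.splitlines()
    method, target, _ = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    path = target.split("?", 1)[0]          # ignore any query string
    return method, path, headers, body.strip()


def has_session_cookie(headers: Dict[str, str]) -> bool:
    """True if the Cookie header carries a non-empty session cookie."""
    for part in headers.get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == SESSION_COOKIE and value:
            return True
    return False


def classify(raw: str) -> Finding:
    """Map one request to a verdict; only the user-save endpoint is of interest."""
    method, path, headers, body = parse_request(raw)
    session = has_session_cookie(headers)
    if method != "POST" or path != TARGET_PATH:
        return Finding("not_applicable", path, None, session)
    gid = parse_qs(body).get("gid", [None])[0]
    if gid == SUPER_ADMIN_GID and not session:
        verdict = "unauthenticated_superadmin_create"   # the CVE pattern
    elif gid == SUPER_ADMIN_GID:
        verdict = "superadmin_create_review"            # legitimate? verify
    elif not session:
        verdict = "unauthenticated_user_create"         # still an auth bypass
    else:
        verdict = "authenticated_user_create"
    return Finding(verdict, path, gid, session)


def scan(requests: List[str]) -> List[Finding]:
    """Return findings for every request that touched the user-save endpoint."""
    return [f for f in (classify(r) for r in requests) if f.verdict != "not_applicable"]


# Constructed sample requests (not real traffic). The first is the CVE pattern:
# no Cookie header, gid=1. The second is the same action by a logged-in admin.
SAMPLE_REQUESTS = [
    "POST /admin/user/save.do HTTP/1.1\n"
    "Host: cms.example.invalid\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "\n"
    "gid=1&nickname=ops&name=ops&pass=PLACEHOLDER&description=x&status=1",
    "POST /admin/user/save.do HTTP/1.1\n"
    "Host: cms.example.invalid\n"
    "Cookie: JSESSIONID=constructed-session-id; theme=dark\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "\n"
    "gid=1&nickname=editor2&name=editor2&pass=PLACEHOLDER&description=x&status=1",
    "GET /index.html HTTP/1.1\n"
    "Host: cms.example.invalid\n",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

Alerting on `unauthenticated_superadmin_create` is the direct hit for this CVE; `superadmin_create_review` findings should be reconciled against change records, since a valid session does not by itself prove the account creation was intended.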
Mitigation Strategies

Immediate mitigation steps include restricting access to the user creation endpoint and applying proper authorization checks.

Since the vulnerability allows unauthenticated creation of super administrator accounts, it is critical to prevent unauthorized access to `/admin/user/save.do`.

  • Restrict access to the user management interface and related endpoints to trusted IP addresses or VPN users.
  • Implement or enforce authentication and authorization validation on the `save()` method in the UserController.
  • Monitor logs for suspicious user creation activity and remove any unauthorized super administrator accounts immediately.
  • Update or patch the MRCMS software to a version where this vulnerability is fixed, if available.
Compliance Impact

This vulnerability allows unauthenticated attackers to create super administrator accounts, leading to full website compromise and unauthorized access to sensitive data.

Such unauthorized access and potential data breaches can result in non-compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of personal and sensitive information.
