CVE-2026-2860 | feng_ha_ha/megagao ssm-erp/production_ssm 1.0 EmployeeController.java improper authorization

A vulnerability marked as critical has been reported in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. Impacted is an unknown function of the file EmployeeController.java. The manipulation leads to improper authorization.

This vulnerability is traded as CVE-2026-2860. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

This product is distributed under two entirely different names. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-2860 | feng_ha_ha/megagao ssm-erp/production_ssm 1.0 EmployeeController.java improper authorization

Post correlati

CVE-2025-34118 | Linknat VOS Manager up to VOS2009/VOS3000 2.1.9.06 path traversal

CVE-2024-12926 | Codezips Project Management System 1.0 advanced.php name sql injection

CVE-2026-22153 | Fortinet FortiOS up to 7.6.4 authentication bypass (FG-IR-25-1052)

CVE-2025-54454 | Samsung Electronics MagicINFO 9 Server 21.1050/21.1052 hard-coded credentials