5.3

EmployeeController in SSM-ERP allows unauthorized remote access

CVE-2026-2860
Summary

A security issue in the EmployeeController of SSM-ERP allows unauthorized users to access the system remotely. This vulnerability has been publicly disclosed, so it's possible that attackers may use it. Since the developers are using a continuous delivery model, it's unclear which versions are affected, but it's best to check for updates regularly to ensure you have the latest security patches.

Original title
A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeContr...
Original description
A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeController.java. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. This product is distributed under two entirely different names. The project was informed of the problem early through an issue report but has not responded yet.
NVD CVSS 2.0: 6.5
NVD CVSS 3.1: 6.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-266 Incorrect Privilege Assignment
CWE-285 Improper Authorization
Published: 21 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026