Path Traversal Flaw in Feng_Ha_Ha/Megagao SSM-ERP and Production_SSM
CVE-2026-2863
Key Information:
- Vendor
Feng Ha Ha
- Status
- Vendor
- CVE Published:
- 21 February 2026
Badges
What is CVE-2026-2863?
A path traversal vulnerability exists in the deleteFile function of FileServiceImpl.java within both Megagao SSM-ERP and Production_SSM products. This flaw allows attackers to manipulate file paths, potentially enabling them to access unauthorized files on the server. The attack can be initiated remotely without user authentication. Despite the issue being reported to the developers, they have yet to provide a response or patch. The products utilize a continuous delivery model with rolling releases, making it difficult to pinpoint which specific versions are affected or have been updated.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
production_ssm 4288d53bd35757b27f2d070057aefb2c07bdd097
production_ssm 4288d53bd35757b27f2d070057aefb2c07bdd097
ssm-erp 4288d53bd35757b27f2d070057aefb2c07bdd097
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved