CVE-2026-2863

Name of the Vulnerable Software and Affected Versions feng ha ha/megagao ssm-erp and production ssm versions prior to 4288d53bd35757b27f2d070057aefb2c07bdd097

Description A path traversal flaw exists in the deleteFile function within the FileServiceImpl.java file. This manipulation allows for remote exploitation. The exploit has been published. The product utilizes continuous delivery with rolling releases, making specific version details for affected or updated releases unavailable. The software is distributed under two different names. The project was notified of the issue but has not responded.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.