CVE-2026-2864

Name of the Vulnerable Software and Affected Versions feng ha ha/megagao ssm-erp and production ssm (affected versions not specified)

Description A path traversal issue exists due to manipulation of the picName argument within the pictureDelete function of the PictureController.java file. This allows for remote exploitation. The exploit has been publicly disclosed. The software does not utilize versioning, making it difficult to determine specific affected and unaffected releases. The product is distributed under two different names.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.