CVE-2026-2676
LOW EPSS 18.9%
Published Feb 18, 20264mo ago · Modified Apr 29, 20262mo ago
2.1 CVSS 4.0
Published Feb 18, 2026 4mo ago
Last Modified Apr 29, 2026 2mo ago
Description
A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component API Interface. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
18.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-266
CWE-285
References 7
- github.com https://github.com/GoogTech/sms-ssm/
- github.com https://github.com/GoogTech/sms-ssm/issues/27
- github.com https://github.com/GoogTech/sms-ssm/issues/27#issue-3878817166
- github.com https://github.com/GoogTech/sms-ssm/issues/27#issuecomment-3828063958
- vuldb.com https://vuldb.com/?ctiid.346469
- vuldb.com https://vuldb.com/?id.346469
- vuldb.com https://vuldb.com/?submit.749702
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.