CVE-2026-4222 in SSCMSinfo

Summary

by MITRE • 03/16/2026

A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulDB

Disclosure

03/16/2026

Moderation

accepted

Entry

VDB-351146

CPE

ready

CWE

CWE-22 (confirmed)

Exploit

Download

CVSS

3.8 (VulDB)

EPSS

0.00121

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-4222
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-4222
CVE Details	https://www.cvedetails.com/cve/CVE-2026-4222/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!