CVE-2026-2850

Name of the Vulnerable Software and Affected Versions yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4

Description A flaw exists in the Customer Endpoint component of yeqifu warehouse. The addCustomer, updateCustomer, and deleteCustomer functions within the datasetreposwarehousesrcmainjavacomyeqifubuscontrollerCustomerController.java file are susceptible to improper access controls. Remote exploitation is possible. The exploit has been publicly disclosed. The project was notified of the issue but has not yet responded.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.