CVE-2026-2106

Name of the Vulnerable Software and Affected Versions yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4

Description A flaw exists within the Notice Management component of yeqifu warehouse, specifically in the addNotice(), updateNotice(), deleteNotice(), and batchDeleteNotice() functions located in the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerNoticeController.java. This issue results in improper authorization and can be exploited remotely. The exploit details have been publicly disclosed. The product utilizes continuous delivery with rolling releases, and the project maintainers have been notified but have not yet responded.

Recommendations Apply updates to yeqifu warehouse beyond aaf29962ba407d22d991781de28796ee7b4670e4. As a temporary workaround, restrict access to the addNotice(), updateNotice(), deleteNotice(), and batchDeleteNotice() functions.