PT-2026-6914 · Unknown · Yeqifu Warehouse
Alices614
·
Published
2026-02-07
·
Updated
2026-02-07
·
CVE-2026-2106
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4
Description
A flaw exists within the Notice Management component of yeqifu warehouse, specifically in the
addNotice(), updateNotice(), deleteNotice(), and batchDeleteNotice() functions located in the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerNoticeController.java. This issue results in improper authorization and can be exploited remotely. The exploit details have been publicly disclosed. The product utilizes continuous delivery with rolling releases, and the project maintainers have been notified but have not yet responded.Recommendations
Apply updates to yeqifu warehouse beyond aaf29962ba407d22d991781de28796ee7b4670e4.
As a temporary workaround, restrict access to the
addNotice(), updateNotice(), deleteNotice(), and batchDeleteNotice() functions.Exploit
Fix
Improper Authorization
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Yeqifu Warehouse