← Back
2026-02-07 6:32CVE-2026-2076VulDB
PUBLISHED5.2CWE-285CWE-266

yeqifu warehouse User Management Endpoint UserController.java deleteUser improper authorization

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User Management Endpoint. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Problem type

Affected products

yeqifu

warehouse

aaf29962ba407d22d991781de28796ee7b4670e4 - AFFECTED

References

VDB-344642 | yeqifu warehouse User Management Endpoint UserController.java deleteUser improper authorization

https://vuldb.com/?id.344642

vdb-entrytechnical-description
VDB-344642 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.344642

signaturepermissions-required
Submit #745509 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls

https://vuldb.com/?submit.745509

third-party-advisory
github.com

https://github.com/yeqifu/warehouse/issues/53

issue-tracking
github.com

https://github.com/yeqifu/warehouse/issues/53#issue-3846651070

exploitissue-tracking
github.com

https://github.com/yeqifu/warehouse/

product

GitHub Security Advisories

GHSA-57g4-crph-5qv5

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4...

https://github.com/advisories/GHSA-57g4-crph-5qv5

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User Management Endpoint. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-2076

github.com

https://github.com/yeqifu/warehouse/issues/53

github.com

https://github.com/yeqifu/warehouse/issues/53#issue-3846651070

github.com

https://github.com/yeqifu/warehouse

vuldb.com

https://vuldb.com/?ctiid.344642

vuldb.com

https://vuldb.com/?id.344642

vuldb.com

https://vuldb.com/?submit.745509

github.com

https://github.com/advisories/GHSA-57g4-crph-5qv5

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-2076
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-2076",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-07T06:32:07.701Z",
    "dateReserved": "2026-02-06T07:57:10.089Z",
    "datePublished": "2026-02-07T06:32:07.701Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-07T06:32:07.701Z"
      },
      "title": "yeqifu warehouse User Management Endpoint UserController.java deleteUser improper authorization",
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\\repos\\warehouse\\src\\main\\java\\com\\yeqifu\\sys\\controller\\UserController.java of the component User Management Endpoint. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "affected": [
        {
          "vendor": "yeqifu",
          "product": "warehouse",
          "modules": [
            "User Management Endpoint"
          ],
          "versions": [
            {
              "version": "aaf29962ba407d22d991781de28796ee7b4670e4",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Authorization",
              "cweId": "CWE-285",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Incorrect Privilege Assignment",
              "cweId": "CWE-266",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.344642",
          "name": "VDB-344642 | yeqifu warehouse User Management Endpoint UserController.java deleteUser improper authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.344642",
          "name": "VDB-344642 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.745509",
          "name": "Submit #745509 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/yeqifu/warehouse/issues/53",
          "tags": [
            "issue-tracking"
          ]
        },
        {
          "url": "https://github.com/yeqifu/warehouse/issues/53#issue-3846651070",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://github.com/yeqifu/warehouse/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 6.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-06T09:02:25.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "AliceS614 (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}