← Back
2026-02-07 17:2CVE-2026-2105VulDB
PUBLISHED5.2CWE-285CWE-266

yeqifu warehouse Department Management DeptController.java deleteDept improper authorization

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been published and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

Problem type

Affected products

yeqifu

warehouse

aaf29962ba407d22d991781de28796ee7b4670e4 - AFFECTED

References

VDB-344681 | yeqifu warehouse Department Management DeptController.java deleteDept improper authorization

https://vuldb.com/?id.344681

vdb-entrytechnical-description
VDB-344681 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.344681

signaturepermissions-required
Submit #745515 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls

https://vuldb.com/?submit.745515

third-party-advisory
github.com

https://github.com/yeqifu/warehouse/issues/57

issue-tracking
github.com

https://github.com/yeqifu/warehouse/issues/57#issue-3846662068

exploitissue-tracking
github.com

https://github.com/yeqifu/warehouse/

product

GitHub Security Advisories

GHSA-vgj5-9p6r-986x

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The...

https://github.com/advisories/GHSA-vgj5-9p6r-986x

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been published and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-2105

github.com

https://github.com/yeqifu/warehouse/issues/57

github.com

https://github.com/yeqifu/warehouse/issues/57#issue-3846662068

github.com

https://github.com/yeqifu/warehouse

vuldb.com

https://vuldb.com/?ctiid.344681

vuldb.com

https://vuldb.com/?id.344681

vuldb.com

https://vuldb.com/?submit.745515

github.com

https://github.com/advisories/GHSA-vgj5-9p6r-986x

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-2105
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-2105",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-07T17:02:07.803Z",
    "dateReserved": "2026-02-06T14:15:55.535Z",
    "datePublished": "2026-02-07T17:02:07.803Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-07T17:02:07.803Z"
      },
      "title": "yeqifu warehouse Department Management DeptController.java deleteDept improper authorization",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\\repos\\warehouse\\src\\main\\java\\com\\yeqifu\\sys\\controller\\DeptController.java of the component Department Management. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been published and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "affected": [
        {
          "vendor": "yeqifu",
          "product": "warehouse",
          "modules": [
            "Department Management"
          ],
          "versions": [
            {
              "version": "aaf29962ba407d22d991781de28796ee7b4670e4",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Authorization",
              "cweId": "CWE-285",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Incorrect Privilege Assignment",
              "cweId": "CWE-266",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.344681",
          "name": "VDB-344681 | yeqifu warehouse Department Management DeptController.java deleteDept improper authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.344681",
          "name": "VDB-344681 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.745515",
          "name": "Submit #745515 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/yeqifu/warehouse/issues/57",
          "tags": [
            "issue-tracking"
          ]
        },
        {
          "url": "https://github.com/yeqifu/warehouse/issues/57#issue-3846662068",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://github.com/yeqifu/warehouse/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 6.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-06T15:21:08.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "AliceS614 (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}