← Back
2026-02-07 17:32CVE-2026-2106VulDB
PUBLISHED5.2CWE-285CWE-266

yeqifu warehouse Notice Management NoticeController.java batchDeleteNotice improper authorization

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\NoticeController.java of the component Notice Management. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Problem type

Affected products

yeqifu

warehouse

aaf29962ba407d22d991781de28796ee7b4670e4 - AFFECTED

References

VDB-344682 | yeqifu warehouse Notice Management NoticeController.java batchDeleteNotice improper authorization

https://vuldb.com/?id.344682

vdb-entrytechnical-description
VDB-344682 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.344682

signaturepermissions-required
Submit #745516 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls

https://vuldb.com/?submit.745516

third-party-advisory
github.com

https://github.com/yeqifu/warehouse/issues/58

issue-tracking
github.com

https://github.com/yeqifu/warehouse/issues/58#issue-3846664260

exploitissue-tracking
github.com

https://github.com/yeqifu/warehouse/

product

GitHub Security Advisories

GHSA-2xw4-xhqf-2x5p

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4...

https://github.com/advisories/GHSA-2xw4-xhqf-2x5p

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\NoticeController.java of the component Notice Management. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-2106

github.com

https://github.com/yeqifu/warehouse/issues/58

github.com

https://github.com/yeqifu/warehouse/issues/58#issue-3846664260

github.com

https://github.com/yeqifu/warehouse

vuldb.com

https://vuldb.com/?ctiid.344682

vuldb.com

https://vuldb.com/?id.344682

vuldb.com

https://vuldb.com/?submit.745516

github.com

https://github.com/advisories/GHSA-2xw4-xhqf-2x5p

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-2106
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-2106",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-07T17:32:06.820Z",
    "dateReserved": "2026-02-06T14:16:00.975Z",
    "datePublished": "2026-02-07T17:32:06.820Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-07T17:32:06.820Z"
      },
      "title": "yeqifu warehouse Notice Management NoticeController.java batchDeleteNotice improper authorization",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\\repos\\warehouse\\src\\main\\java\\com\\yeqifu\\sys\\controller\\NoticeController.java of the component Notice Management. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "affected": [
        {
          "vendor": "yeqifu",
          "product": "warehouse",
          "modules": [
            "Notice Management"
          ],
          "versions": [
            {
              "version": "aaf29962ba407d22d991781de28796ee7b4670e4",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Authorization",
              "cweId": "CWE-285",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Incorrect Privilege Assignment",
              "cweId": "CWE-266",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.344682",
          "name": "VDB-344682 | yeqifu warehouse Notice Management NoticeController.java batchDeleteNotice improper authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.344682",
          "name": "VDB-344682 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.745516",
          "name": "Submit #745516 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/yeqifu/warehouse/issues/58",
          "tags": [
            "issue-tracking"
          ]
        },
        {
          "url": "https://github.com/yeqifu/warehouse/issues/58#issue-3846664260",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://github.com/yeqifu/warehouse/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 6.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-06T15:21:10.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "AliceS614 (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}