A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the component Log Info Handler. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been made public and could be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
PUBLISHED5.2CWE-285CWE-266
yeqifu warehouse Log Info LoginfoController.java batchDeleteLoginfo improper authorization
Problem type
Affected products
yeqifu
warehouse
aaf29962ba407d22d991781de28796ee7b4670e4 - AFFECTED
References
VDB-344683 | yeqifu warehouse Log Info LoginfoController.java batchDeleteLoginfo improper authorization
https://vuldb.com/?id.344683
VDB-344683 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.344683
Submit #745517 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls
https://vuldb.com/?submit.745517
github.com
https://github.com/yeqifu/warehouse/issues/59
github.com
https://github.com/yeqifu/warehouse/issues/59#issue-3846665806
github.com
https://github.com/yeqifu/warehouse/
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-2107Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-2107",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-02-07T18:32:08.198Z",
"dateReserved": "2026-02-06T14:16:03.665Z",
"datePublished": "2026-02-07T18:32:08.198Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-02-07T18:32:08.198Z"
},
"title": "yeqifu warehouse Log Info LoginfoController.java batchDeleteLoginfo improper authorization",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\\repos\\warehouse\\src\\main\\java\\com\\yeqifu\\sys\\controller\\LoginfoController.java of the component Log Info Handler. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been made public and could be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"affected": [
{
"vendor": "yeqifu",
"product": "warehouse",
"modules": [
"Log Info Handler"
],
"versions": [
{
"version": "aaf29962ba407d22d991781de28796ee7b4670e4",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Improper Authorization",
"cweId": "CWE-285",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Incorrect Privilege Assignment",
"cweId": "CWE-266",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.344683",
"name": "VDB-344683 | yeqifu warehouse Log Info LoginfoController.java batchDeleteLoginfo improper authorization",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.344683",
"name": "VDB-344683 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.745517",
"name": "Submit #745517 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/yeqifu/warehouse/issues/59",
"tags": [
"issue-tracking"
]
},
{
"url": "https://github.com/yeqifu/warehouse/issues/59#issue-3846665806",
"tags": [
"exploit",
"issue-tracking"
]
},
{
"url": "https://github.com/yeqifu/warehouse/",
"tags": [
"product"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"baseScore": 6.5
}
}
],
"timeline": [
{
"time": "2026-02-06T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-02-06T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-02-06T15:21:12.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "AliceS614 (VulDB User)",
"type": "reporter"
}
]
}
}
}