CVE-2026-2079
Improper Authorization in Yeqifu Menu Management via Remote Exploit
Publication date: 2026-02-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yeqifu | warehouse | to 2025-10-06 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the yeqifu warehouse software. It affects the Menu Management component, specifically the addMenu, updateMenu, and deleteMenu functions in the MenuController.java file. Authorization is not properly enforced on these functions, so an attacker can manipulate them without the required permissions. The attack can be launched remotely, and an exploit for this vulnerability has already been published.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized manipulation of the menu management functions, allowing attackers to add, update, or delete menu entries without proper authorization. This could compromise the integrity of the system's menu data and potentially lead to further unauthorized actions or access within the affected software.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know