CVE-2026-2107
Unknown Unknown - Not Provided
Improper Authorization in Yeqifu Log Info Handler Allows Remote Access

Publication date: 2026-02-07

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the component Log Info Handler. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been made public and could be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-07
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-07
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2107
EUVD
EUVD-2026-5720
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
yeqifu warehouse to 2025-10-06 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-2107 is a vulnerability in the yeqifu warehouse application affecting the log management functions. Specifically, the functions loadAllLoginfo, deleteLoginfo, and batchDeleteLoginfo in the LoginfoController.java file lack proper authorization checks.'}, {'type': 'paragraph', 'content': "This means attackers can remotely access and delete login audit logs without permission. The absence of authorization allows unauthorized users to view sensitive login audit information and delete logs, which compromises the system's ability to track and monitor user activities."}, {'type': 'paragraph', 'content': 'The vulnerability enables attackers to erase evidence of their actions, hide malicious activities, and evade detection by administrators.'}] [1, 2, 3]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability impacts the confidentiality, integrity, and availability of the system's log information."}, {'type': 'list_item', 'content': 'Attackers can view sensitive login audit logs without authorization, exposing confidential information.'}, {'type': 'list_item', 'content': 'Unauthorized deletion of logs allows attackers to cover their tracks, making it difficult to detect malicious activities such as privilege escalation or brute-force attacks.'}, {'type': 'list_item', 'content': 'The inability to rely on audit logs undermines forensic investigations and incident response efforts.'}, {'type': 'list_item', 'content': 'Overall, this can lead to prolonged undetected compromises and increased risk of further attacks.'}] [1, 2, 3]

Compliance Impact

The vulnerability undermines compliance with standards and regulations that require secure logging and audit trails, such as GDPR and HIPAA.

By allowing unauthorized access and deletion of login audit logs, it compromises the integrity and availability of audit records, which are critical for accountability, breach detection, and forensic analysis.

This failure to protect audit logs can lead to violations of regulatory requirements for data protection, incident response, and security monitoring.

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves improper authorization on log viewing and deletion endpoints in the yeqifu warehouse application, specifically in the LoginfoController.java file. Detection can focus on monitoring unauthorized access or deletion attempts to these endpoints.'}, {'type': 'paragraph', 'content': 'One way to detect exploitation attempts is to monitor HTTP requests targeting the following endpoints: /loginfo/loadAllLoginfo, /loginfo/deleteLoginfo, and /loginfo/batchDeleteLoginfo.'}, {'type': 'paragraph', 'content': 'For example, you can use network monitoring tools or web server logs to search for suspicious POST requests to /loginfo/deleteLoginfo or /loginfo/batchDeleteLoginfo with parameters indicating deletion of logs.'}, {'type': 'list_item', 'content': 'Use command-line tools like grep or awk on web server logs to find requests to these endpoints, e.g.:'}, {'type': 'list_item', 'content': 'grep -i "/loginfo/deleteLoginfo" /var/log/nginx/access.log'}, {'type': 'list_item', 'content': 'grep -i "/loginfo/batchDeleteLoginfo" /var/log/nginx/access.log'}, {'type': 'list_item', 'content': 'Check for unusual or unauthorized IP addresses making these requests.'}, {'type': 'paragraph', 'content': "Additionally, monitoring for missing or abnormal log entries in the system's audit logs could indicate that logs have been deleted or tampered with due to this vulnerability."}] [1, 3]

Mitigation Strategies

Currently, there are no known patches or official fixes available for this vulnerability as the project has not responded to the issue report.

Immediate mitigation steps include restricting access to the affected endpoints (/loginfo/loadAllLoginfo, /loginfo/deleteLoginfo, /loginfo/batchDeleteLoginfo) by implementing network-level controls such as firewall rules or web application firewall (WAF) rules to limit access only to trusted administrators.

Consider disabling or removing the affected log management functionality if possible until a fix is available.

Monitor logs and network traffic closely for any suspicious activity targeting these endpoints.

As a longer-term measure, consider replacing the affected component with an alternative product that properly enforces authorization checks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2107. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart