CVE-2026-2107
Improper Authorization in Yeqifu Log Info Handler Allows Remote Access
Publication date: 2026-02-07
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yeqifu | warehouse | up to and including 2025-10-06 |
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2107 is a vulnerability in the yeqifu warehouse application affecting the log management functions. Specifically, the functions loadAllLoginfo, deleteLoginfo, and batchDeleteLoginfo in the LoginfoController.java file lack proper authorization checks.

This means attackers can remotely access and delete login audit logs without permission. The absence of authorization allows unauthorized users to view sensitive login audit information and delete logs, which compromises the system's ability to track and monitor user activities.

The vulnerability enables attackers to erase evidence of their actions, hide malicious activities, and evade detection by administrators. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability impacts the confidentiality, integrity, and availability of the system's log information.

- Attackers can view sensitive login audit logs without authorization, exposing confidential information.
- Unauthorized deletion of logs allows attackers to cover their tracks, making it difficult to detect malicious activities such as privilege escalation or brute-force attacks.
- The inability to rely on audit logs undermines forensic investigations and incident response efforts.
- Overall, this can lead to prolonged undetected compromises and increased risk of further attacks.

[1, 2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability undermines compliance with standards and regulations that require secure logging and audit trails, such as GDPR and HIPAA.
By allowing unauthorized access and deletion of login audit logs, it compromises the integrity and availability of audit records, which are critical for accountability, breach detection, and forensic analysis.
This failure to protect audit logs can lead to violations of regulatory requirements for data protection, incident response, and security monitoring.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves improper authorization on log viewing and deletion endpoints in the yeqifu warehouse application, specifically in the LoginfoController.java file. Detection can focus on monitoring unauthorized access or deletion attempts to these endpoints.

One way to detect exploitation attempts is to monitor HTTP requests targeting the following endpoints: /loginfo/loadAllLoginfo, /loginfo/deleteLoginfo, and /loginfo/batchDeleteLoginfo.

For example, you can use network monitoring tools or web server logs to search for suspicious POST requests to /loginfo/deleteLoginfo or /loginfo/batchDeleteLoginfo with parameters indicating deletion of logs.

- Use command-line tools like grep or awk on web server logs to find requests to these endpoints, e.g.:
- grep -i "/loginfo/deleteLoginfo" /var/log/nginx/access.log
- grep -i "/loginfo/batchDeleteLoginfo" /var/log/nginx/access.log
- Check for unusual or unauthorized IP addresses making these requests.

Additionally, monitoring for missing or abnormal log entries in the system's audit logs could indicate that logs have been deleted or tampered with due to this vulnerability. [1, 3]
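The endpoint searches above, combined into a single pass over an access log, as an added example (not part of the original page or of the yeqifu project): it counts requests to the three loginfo endpoints per client and skips clients on a trusted-admin list. The nginx "combined" log format, the sample log lines, the IP addresses and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize access-log requests to the loginfo endpoints.
# Assumes the nginx "combined" log format ($1 = client IP, $7 = path, $9 = status).

# Constructed sample log lines (documentation-range IPs), not real traffic.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [07/Feb/2026:10:00:01 +0000] "GET /loginfo/loadAllLoginfo?page=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Feb/2026:10:02:13 +0000] "POST /loginfo/deleteLoginfo HTTP/1.1" 200 45 "-" "curl/8.5.0"
203.0.113.7 - - [07/Feb/2026:10:02:14 +0000] "POST /loginfo/batchDeleteLoginfo HTTP/1.1" 200 45 "-" "curl/8.5.0"
203.0.113.7 - - [07/Feb/2026:10:02:15 +0000] "POST /loginfo/batchDeleteLoginfo HTTP/1.1" 200 45 "-" "curl/8.5.0"
198.51.100.4 - - [07/Feb/2026:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
EOF
}

# loginfo_hits LOGFILE [TRUSTED_IP ...]
# Prints "count ip method endpoint status" for each request to a loginfo
# endpoint whose client IP is not in the trusted list, busiest first.
loginfo_hits() {
    log=$1; shift
    awk -v trusted="$*" '
    BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
    {
        ip = $1; method = substr($6, 2); path = $7; status = $9
        sub(/\?.*/, "", path)      # drop the query string
        lp = tolower(path)         # case-insensitive match, like grep -i
        if (lp !~ /\/loginfo\/(loadallloginfo|deleteloginfo|batchdeleteloginfo)$/) next
        if (ip in ok) next         # known administrator workstation
        seen[ip " " method " " path " " status]++
    }
    END { for (k in seen) print seen[k], k }
    ' "$log" | sort -k1,1nr -k2
}

# Demo: treat 192.0.2.10 as the only trusted admin address (an assumption).
tmp=$(mktemp) && sample_log > "$tmp"
loginfo_hits "$tmp" 192.0.2.10
rm -f "$tmp"
```

The status column shows whether the server accepted the request; a successful response on a delete endpoint from an address outside the trusted list is the entry to review first.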
What immediate steps should I take to mitigate this vulnerability?
Currently, there are no known patches or official fixes available for this vulnerability as the project has not responded to the issue report.
Immediate mitigation steps include restricting access to the affected endpoints (/loginfo/loadAllLoginfo, /loginfo/deleteLoginfo, /loginfo/batchDeleteLoginfo) by implementing network-level controls such as firewall rules or web application firewall (WAF) rules to limit access only to trusted administrators.
Consider disabling or removing the affected log management functionality if possible until a fix is available.
Monitor logs and network traffic closely for any suspicious activity targeting these endpoints.
As a longer-term measure, consider replacing the affected component with an alternative product that properly enforces authorization checks.