CVE-2026-2668
Improper Access Control in Rongzhitong User Handler Allows Remote Exploit
Publication date: 2026-02-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rongzhitong | visual_integrated_command_and_dispatch_platform | to 2026-02-06 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2668 is an unauthorized access vulnerability in the Rongzhitong Visual Integrated Command and Dispatch Platform, specifically in the User Handler component at the endpoint /dm/dispatch/user/add.
This flaw allows attackers to bypass authentication and access this endpoint remotely without any authorization.
By exploiting this vulnerability, an attacker can add arbitrary users to the system, compromising system integrity and security.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized creation of users, which compromises the confidentiality, integrity, and availability of the system.
Attackers can remotely exploit this flaw without authentication, potentially gaining persistent unauthorized access and control over the system.
This can result in unauthorized data access, manipulation, or disruption of services.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability affects the endpoint /dm/dispatch/user/add in the Rongzhitong Visual Integrated Command and Dispatch Platform. Detection can focus on monitoring unauthorized or unexpected access attempts to this specific endpoint.'}, {'type': 'paragraph', 'content': 'Network detection can involve inspecting HTTP requests targeting the /dm/dispatch/user/add path for suspicious activity, such as POST requests that add users without proper authentication.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect exploitation attempts include using network traffic analysis tools like tcpdump or Wireshark to filter for requests to the vulnerable endpoint. For example:'}, {'type': 'list_item', 'content': "tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/dm/dispatch/user/add'"}, {'type': 'list_item', 'content': "Using web server logs, grep for access to /dm/dispatch/user/add to identify suspicious POST requests: grep '/dm/dispatch/user/add' /var/log/nginx/access.log"}, {'type': 'paragraph', 'content': 'Additionally, monitoring for creation of new users or unexpected changes in user accounts on the system can help detect exploitation.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves restricting access to the vulnerable endpoint /dm/dispatch/user/add to prevent unauthorized remote exploitation.
Implement firewall rules or network access controls to block external access to this endpoint unless it is absolutely necessary and properly secured.
- Configure firewall to deny inbound traffic to the /dm/dispatch/user/add path or the associated service port from untrusted networks.
- If possible, apply authentication and authorization checks on the affected component to ensure only authorized users can access the endpoint.
Monitor logs for any suspicious activity related to user additions and review user accounts for unauthorized changes.
Since the vendor has not provided a patch or response, these network-level mitigations are critical to reduce risk until an official fix is available.