CVE-2026-2849
Received Received - Intake
Improper Access Control in Yeqifu Cache Sync Handler

Publication date: 2026-02-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\CacheController.java of the component Cache Sync Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2026-02-20
EPSS Evaluated
2026-05-05
NVD
CVE-2026-2849
EUVD
EUVD-2026-8473
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
yeqifu warehouse to 2025-10-06 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-2849 is a vulnerability in the yeqifu warehouse project affecting the cache management endpoints within the CacheController.java file. Specifically, the functions deleteCache, removeAllCache, and syncCache do not enforce proper authorization checks.

This means that any authenticated user, regardless of their privileges, can invoke these cache operations remotely. These operations include deleting specific cache entries, clearing all cache entries, and forcing cache synchronization.

Because there are no access controls, unauthorized users can manipulate cache data, which can lead to performance issues, exposure to stale or inconsistent data, and unstable application behavior.


How can this vulnerability impact me? :

This vulnerability allows any authenticated user to perform cache maintenance actions without proper authorization.

  • Performance degradation due to arbitrary cache clearing.
  • Exposure to stale or inconsistent data because cache synchronization can be manipulated.
  • Unstable application behavior resulting from unauthorized cache operations.
  • Potential disruption of service availability and integrity.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for unauthorized or suspicious requests to the cache management endpoints of the yeqifu warehouse application, specifically the endpoints: /cache/deleteCache, /cache/removeAllCache, and /cache/syncCache.'}, {'type': 'paragraph', 'content': 'Since exploitation involves sending POST requests with a valid authenticated session cookie to these endpoints, network detection can focus on identifying such POST requests from unexpected or unauthorized users.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect exploitation attempts include using tools like curl or network monitoring utilities to check for POST requests to these endpoints. For example:'}, {'type': 'list_item', 'content': 'Using curl to test access (replace SESSION_COOKIE with a valid session):\ncurl -X POST -b "JSESSIONID=SESSION_COOKIE" https://yourserver/cache/removeAllCache'}, {'type': 'list_item', 'content': "Using network monitoring tools (e.g., tcpdump or Wireshark) to filter HTTP POST requests to these endpoints:\ntcpdump -i any -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -E 'POST /cache/(deleteCache|removeAllCache|syncCache)'"}, {'type': 'paragraph', 'content': 'Additionally, reviewing application logs for calls to these endpoints without proper authorization or from unexpected users can help detect exploitation.'}] [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the affected cache management endpoints to only authorized and privileged users.

Since the vulnerability arises from missing authorization checks on the endpoints deleteCache, removeAllCache, and syncCache, implementing proper access control mechanisms on these endpoints is critical.

  • Apply authentication and authorization checks to ensure only trusted users or roles can invoke these cache operations.
  • If possible, disable or restrict access to these endpoints temporarily until a proper fix or patch is available.
  • Monitor and audit usage of these endpoints to detect any unauthorized attempts.

Since no official patch or update is currently available and the project has not responded, consider replacing the affected component with an alternative product if feasible.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart