CVE-2026-2851
Awaiting Analysis Awaiting Analysis - Queue
Improper Access Control in Yeqifu Inport Endpoint Allows Remote Exploit

Publication date: 2026-02-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\InportController.java of the component Inport Endpoint. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2026-02-20
EPSS Evaluated
2026-05-05
NVD
CVE-2026-2851
EUVD
EUVD-2026-8368
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
yeqifu warehouse to 2025-10-06 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-2851 is an improper access control vulnerability in the yeqifu warehouse application, specifically affecting the inventory management endpoints handled by InportController.java and OutportController.java.

The affected functionsβ€”addInport, updateInport, and deleteInportβ€”do not enforce proper permission checks, allowing attackers to remotely perform unauthorized inventory operations such as forging inventory movements, adjusting stock quantities, or deleting inventory records.

This lack of authorization means attackers can manipulate inventory data arbitrarily without validation, leading to inaccurate stock levels and potential financial discrepancies.


How can this vulnerability impact me? :

This vulnerability can have several negative impacts including inaccurate stock levels, financial discrepancies, and exploitation of procurement or return workflows.

  • Attackers can forge inventory movements, adding or removing stock without authorization.
  • Unauthorized adjustments to stock quantities can disrupt inventory management and reporting.
  • Deletion of inventory records without permission can cause data loss and operational issues.

Overall, these impacts can compromise the integrity, availability, and reliability of inventory data, potentially leading to financial loss and operational disruption.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring unauthorized or suspicious requests to the inventory management endpoints, specifically the addInport, updateInport, and deleteInport functions of the InportController, as well as the addOutport and deleteOutport functions of the OutportController.'}, {'type': 'paragraph', 'content': 'One way to detect exploitation attempts is to look for POST requests to endpoints such as /inport/addInport with unusual or forged parameters, especially when accompanied by attacker-controlled session cookies.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect such activity include using network traffic inspection tools or web server logs to filter for suspicious POST requests. For example, using grep on server logs:'}, {'type': 'list_item', 'content': "grep 'POST /inport/addInport' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': "grep 'POST /inport/updateInport' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': "grep 'POST /inport/deleteInport' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': "grep 'POST /outport/addOutport' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': "grep 'POST /outport/deleteOutport' /var/log/apache2/access.log"}, {'type': 'paragraph', 'content': 'Additionally, monitoring for unexpected changes in inventory data or stock levels may indicate exploitation.'}] [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the vulnerable endpoints by implementing proper authorization checks to ensure only authorized users can perform inventory operations.

Since the project has not yet provided a fix or response, consider the following actions:

  • Apply network-level access controls such as IP whitelisting or VPN requirements to limit who can reach the affected endpoints.
  • Monitor and audit all inventory-related requests for suspicious activity.
  • If possible, disable or restrict the addInport, updateInport, deleteInport, addOutport, and deleteOutport endpoints until a patch or update is available.
  • Consider replacing the affected component with an alternative product that enforces proper access controls.

Overall, enforcing strict permission checks on these endpoints is critical to prevent unauthorized inventory manipulation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart