CVE-2026-2852
Status: Received - Intake
Improper Access Control in Yeqifu Sales Endpoint Allows Remote Exploitation

Publication date: 2026-02-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the functions addSales/updateSales/deleteSales of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java of the component Sales Endpoint. The manipulation leads to improper access controls. The attack can be carried out remotely. An exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery; therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information
Published: 2026-02-20
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-02-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor    Product     Version / Range
yeqifu    warehouse   to 2025-10-06 (inc)
CWE
CWE ID     Description
CWE-266    A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-284    The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-2852 is an improper access control vulnerability in the yeqifu warehouse project, specifically in the Sales Endpoint component implemented in SalesController.java. The addSales, updateSales and deleteSales handlers act on sales records without first checking that the caller is authorized to do so.

This flaw allows unauthorized users to remotely manipulate sales records: forging new sales, altering existing ones, or deleting legitimate sales data. The root cause is that the affected methods never verify that the requesting user holds the permissions needed for these operations.

The vulnerability is classified as improper access control (CWE-284 and CWE-266). It is exploitable remotely, and a proof-of-concept exploit is publicly available; no fixed version exists because the project follows a rolling release model and has not responded to the report.


How can this vulnerability impact me?

This vulnerability can severely impact your system by allowing attackers to manipulate sales and sales-return (salesback) data without authorization.

  • Attackers can forge sales or return records.
  • They can delete legitimate sales or return records.
  • Manipulation of revenue and stock data is possible.

These actions compromise accounting accuracy and the integrity of business reporting, potentially leading to financial losses and operational disruptions.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for HTTP POST requests to the affected endpoints, such as /sales/addSales, /sales/updateSales and /sales/deleteSales, that arrive without an authenticated session or from a session that should not be allowed to modify sales data.

A practical detection method is to inspect web server logs, or use network monitoring tools, to identify POST requests to these endpoints with unusual or unexpected parameters. For example, to list POST requests to the endpoints in your web server logs (assuming logs are in access.log):

  • grep -i 'POST /sales/addSales' access.log
  • grep -i 'POST /sales/updateSales' access.log
  • grep -i 'POST /sales/deleteSales' access.log

These greps return every write to the endpoints, legitimate ones included; correlate the hits with the session cookie (or authenticated user) on each request to separate unauthorized attempts from normal use. A 2xx response to a request that carries no session is itself a strong indicator, because a correctly protected endpoint would redirect to the login page or answer 401/403.

Network intrusion detection systems (NIDS) can be configured to alert on these specific HTTP requests if signatures or rules are created based on the publicly available proof-of-concept exploit.
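The grep commands above can be turned into a log analyzer that does the session correlation automatically. The following Python script is an added example written for this page; it is not code from the advisory, from VulDB, or from the yeqifu project. It assumes a log layout in which the JSESSIONID cookie is appended as a final quoted field (for Tomcat's AccessLogValve that is a pattern like %h %l %u %t "%r" %s %b "%{JSESSIONID}c"), a login endpoint at /login, and the /sales/... URL mapping named in the Q&A; the sample log lines are constructed for the example.

```python
import re
from collections import Counter

# Endpoints named in the Q&A above. The controller methods are
# addSales/updateSales/deleteSales; the exact URL mapping is an assumption.
SENSITIVE_PATHS = {"/sales/addsales", "/sales/updatesales", "/sales/deletesales"}

# Assumed log layout (constructed for this example): Apache/nginx combined
# fields with the session cookie appended as a final quoted field, as Tomcat's
# AccessLogValve emits for a pattern like '%h %l %u %t "%r" %s %b "%{JSESSIONID}c"'.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<session>[^"]*)"$'
)

# Constructed sample: one legitimate session (A1B2C3) that logged in first,
# one client writing with no cookie at all, and one using a session that
# never authenticated during the log window.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Feb/2026:10:01:02 +0000] "POST /login HTTP/1.1" 200 512 "A1B2C3"
10.0.0.5 - - [20/Feb/2026:10:01:30 +0000] "POST /sales/addSales HTTP/1.1" 200 120 "A1B2C3"
203.0.113.7 - - [20/Feb/2026:10:02:11 +0000] "POST /sales/addSales HTTP/1.1" 200 120 "-"
203.0.113.7 - - [20/Feb/2026:10:02:12 +0000] "POST /sales/deleteSales?id=17 HTTP/1.1" 200 98 "-"
203.0.113.7 - - [20/Feb/2026:10:02:13 +0000] "POST /sales/deleteSales?id=18 HTTP/1.1" 200 98 "-"
198.51.100.9 - - [20/Feb/2026:10:03:00 +0000] "POST /sales/updateSales HTTP/1.1" 200 120 "ZZ9999"
10.0.0.5 - - [20/Feb/2026:10:03:05 +0000] "GET /sales/list HTTP/1.1" 200 4096 "A1B2C3"
"""


def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_sensitive(path):
    """Match the three write endpoints regardless of case or query string."""
    return path.split("?", 1)[0].lower() in SENSITIVE_PATHS


def analyze(log_text, login_path="/login"):
    """Return (findings, posts_per_ip) for suspicious writes to the sales endpoints.

    A write is suspicious when it carries no session cookie, or a session that
    never completed a successful POST to login_path earlier in this log.
    """
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    authenticated = set()
    findings = []
    posts_per_ip = Counter()
    for e in entries:  # single pass: a session must log in before it writes
        base_path = e["path"].split("?", 1)[0]
        if (e["method"] == "POST" and base_path == login_path
                and e["status"] == "200" and e["session"] not in ("", "-")):
            authenticated.add(e["session"])
            continue
        if e["method"] != "POST" or not is_sensitive(e["path"]):
            continue
        posts_per_ip[e["ip"]] += 1
        sess = e["session"]
        if sess in ("", "-"):
            reason = "no session cookie"
        elif sess not in authenticated:
            reason = "session with no prior successful login in this log"
        else:
            continue  # authenticated session: ordinary use, not reported
        if e["status"].startswith("2"):
            reason += "; server answered 2xx, so the write probably succeeded"
        findings.append({"ip": e["ip"], "time": e["time"], "path": e["path"],
                         "session": sess, "reason": reason})
    return findings, posts_per_ip


if __name__ == "__main__":
    found, counts = analyze(SAMPLE_LOG)
    for f in found:
        print(f"{f['time']} {f['ip']} {f['path']} session={f['session']}: {f['reason']}")
    print("sales writes per client:", dict(counts))
```

Default combined-format logs do not record cookies, so the correlation only works once the access log (or the application's own audit log) carries a session or user field. The "no prior login" rule also fires for sessions that authenticated before the log window began; treat those as leads to confirm against the application's session store rather than as proof of abuse.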


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include enforcing strict role-based access control (RBAC) server-side on the affected endpoints, in the addSales, updateSales and deleteSales handlers themselves rather than only in the user interface, so that only authorized users can perform add, update or delete operations on sales and salesback records.

Validate record ownership and workflow states before allowing modifications to prevent unauthorized manipulation.

Ensure comprehensive logging of all changes for audit purposes to detect and investigate unauthorized activities.

If immediate code changes are not possible, consider restricting access to the affected endpoints via network controls such as firewalls or API gateways to limit exposure.

Since no official patches or fixes have been released, consider replacing the affected component with an alternative product if feasible.
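The first three mitigation steps (RBAC on the handlers, ownership and workflow-state validation, audit logging) combine into a single deny-by-default gate that each handler calls before touching a record. The sketch below is an added example for this page, not code from the yeqifu project, which is written in Java; it is a language-neutral illustration of the check, so the role names, permission strings and workflow states are constructed assumptions rather than the project's own.

```python
import logging
from dataclasses import dataclass

# Constructed role -> permission table (assumption: the real roles of yeqifu
# warehouse are not described on this page). "sales:any_owner" lets a role act
# on records it did not create.
ROLE_PERMISSIONS = {
    "sales_clerk":   {"sales:add", "sales:update"},
    "sales_manager": {"sales:add", "sales:update", "sales:delete", "sales:any_owner"},
    "viewer":        set(),
}
REQUIRED = {"add": "sales:add", "update": "sales:update", "delete": "sales:delete"}

# Assumed workflow: drafts may be edited or deleted, confirmed records may still
# be corrected, shipped records are frozen (a reversal would be a separate
# salesback record, not covered here).
MUTABLE_STATES = {"update": {"draft", "confirmed"}, "delete": {"draft"}}

audit = logging.getLogger("sales.audit")


@dataclass(frozen=True)
class User:
    username: str
    roles: frozenset


@dataclass
class SalesRecord:
    record_id: int
    owner: str   # username that created the record
    state: str   # "draft" | "confirmed" | "shipped"


class AuthorizationError(Exception):
    pass


def permissions_of(user):
    granted = set()
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing
    return granted


def authorize(user, action, record=None):
    """Deny-by-default gate to run before addSales/updateSales/deleteSales.

    Raises AuthorizationError with the reason; returns a reason string for
    the audit log when the action is allowed.
    """
    if user is None:
        raise AuthorizationError("unauthenticated request")
    granted = permissions_of(user)
    if REQUIRED[action] not in granted:
        raise AuthorizationError(f"{user.username} lacks {REQUIRED[action]}")
    if action in ("update", "delete"):
        if record is None:
            raise AuthorizationError(f"{action} requires an existing record")
        if record.owner != user.username and "sales:any_owner" not in granted:
            raise AuthorizationError(f"{user.username} does not own record {record.record_id}")
        if record.state not in MUTABLE_STATES[action]:
            raise AuthorizationError(
                f"record {record.record_id} is {record.state}; {action} not allowed")
    suffix = f" on record {record.record_id}" if record else ""
    return f"{user.username} allowed {action}{suffix}"


def is_allowed(user, action, record=None):
    try:
        authorize(user, action, record)
        return True
    except AuthorizationError:
        return False


def delete_sales(user, record):
    """Hardened stand-in for the deleteSales handler: authorize, log, then act."""
    try:
        reason = authorize(user, "delete", record)
    except AuthorizationError as exc:
        audit.warning("DENY delete record=%s by=%s: %s", record.record_id,
                      getattr(user, "username", "anonymous"), exc)
        return False
    audit.info("ALLOW %s", reason)
    record.state = "deleted"
    return True


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
    clerk = User("alice", frozenset({"sales_clerk"}))
    manager = User("bob", frozenset({"sales_manager"}))
    delete_sales(clerk, SalesRecord(1, "alice", "draft"))    # denied: no sales:delete
    delete_sales(None, SalesRecord(2, "alice", "draft"))     # denied: unauthenticated
    delete_sales(manager, SalesRecord(3, "alice", "draft"))  # allowed
```

The important property is that every denial is logged with the actor and the reason, and that nothing is permitted unless a rule explicitly grants it; a request with no authenticated user fails at the first check, which is exactly the case the vulnerable handlers let through.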

