CVE-2026-0574
yeqifu warehouse Request UserController.java saveUserRole improper authorization
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function saveUserRole of the file warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component Request Handler. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified.
| CWE | CWE-285 CWE-266 |
| Vendor | yeqifu |
| Product | warehouse |
| Published | Jan 4, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for yeqifu warehouse
Be the first to know when new medium vulnerabilities affecting yeqifu warehouse are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
yeqifu / warehouse
aaf29962ba407d22d991781de28796ee7b4670e4
References
vuldb.com: https://vuldb.com/?id.339458 vuldb.com: https://vuldb.com/?ctiid.339458 vuldb.com: https://vuldb.com/?submit.729374 github.com: https://github.com/5i1encee/Vul/blob/main/Vertical_privilege_escalation_Vulnerability_in_Project_yeqifu_warehouse.md github.com: https://github.com/5i1encee/Vul/blob/main/Vertical_privilege_escalation_Vulnerability_in_Project_yeqifu_warehouse.md#poc
Credits
๐ 5i1encee (VulDB User)