CVE-2026-2106 | yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4 Notice Management NoticeController.java improper authorization

A vulnerability, which was classified as critical, has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerNoticeController.java of the component Notice Management. The manipulation leads to improper authorization.

This vulnerability is documented as CVE-2026-2106. The attack can be initiated remotely. Additionally, an exploit exists.

Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-2106 | yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4 Notice Management NoticeController.java improper authorization

Post correlati

CVE-2025-10718 | Ooma Office Business Phone App up to 7.2.2 on Android com.ooma.office2 improper export of android application components

CVE-2025-6493 | CodeMirror up to 5.17.0 Markdown Mode markdown.js redos (Issue 7128)

CVE-2024-10652 | Changing Information Technology IDExpert up to 2.8 cross site scripting

CVE-2023-44252 | Fortinet FortiWAN up to 5.1.2/5.2.1 JWT Token improper authentication (FG-IR-23-061)