CVE-2026-2851 | yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4 Inport Endpoint InportController.java addInport/updateInport/deleteInport access control (Issue 62)

A vulnerability described as critical has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file datasetreposwarehousesrcmainjavacomyeqifubuscontrollerInportController.java of the component Inport Endpoint. Executing a manipulation can lead to improper access controls.

This vulnerability is handled as CVE-2026-2851. The attack can be executed remotely. Additionally, an exploit exists.

This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-2851 | yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4 Inport Endpoint InportController.java addInport/updateInport/deleteInport access control (Issue 62)

Post correlati

CVE-2025-15012 | code-projects Refugee Food Management System 1.0 /home/home.php a sql injection

CVE-2023-50841 | Repute Infosystems BookingPress Plugin up to 1.0.72 on WordPress sql injection

CVE-2024-47191 | oath-toolkit up to 2.6.11 pam_oath.so liboath/usersfile.c oath_authenticate_usersfile symlink (Nessus ID 208203)

CVE-2024-5863 | Easy Image Collage Plugin up to 1.13.5 on WordPress authorization