CVE-2026-2107 | yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4 Log Info LoginfoController.java loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo improper authorization

A vulnerability, which was classified as critical, was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerLoginfoController.java of the component Log Info Handler. The manipulation results in improper authorization.

This vulnerability is reported as CVE-2026-2107. The attack can be launched remotely. Moreover, an exploit is present.

This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-2107 | yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4 Log Info LoginfoController.java loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo improper authorization

Post correlati

CVE-2025-27677 | Vasion Print Virtual Appliance Host symlink

CVE-2024-3077 | zephyrproject-rtos Zephyr up to 3.6 BLE integer overflow (GHSA-gmfv-4vfh-2mh8)

CVE-2024-8023 | chillzhuang SpringBlade 4.1.0 list sql injection

CVE-2025-27455 | Endress+Hauser MEAC300-FNADE4 up to 0.16.0 ui layer