CVE-2026-2852 | yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4 Sales Endpoint SalesController.java addSales/updateSales/deleteSales access control (Issue 63)

A vulnerability classified as critical has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file datasetreposwarehousesrcmainjavacomyeqifubuscontrollerSalesController.java of the component Sales Endpoint. The manipulation leads to improper access controls.

This vulnerability is uniquely identified as CVE-2026-2852. The attack is possible to be carried out remotely. Moreover, an exploit is present.

This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-2852 | yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4 Sales Endpoint SalesController.java addSales/updateSales/deleteSales access control (Issue 63)

Post correlati

CVE-2024-34023 | Intel Graphics Drivers untrusted pointer dereference (intel-sa-01132)

CVE-2023-23990 | Qube One Redirection for Contact Form 7 Plugin up to 2.7.0 on WordPress privileges management

CVE-2024-31229 | Really Simple Plugins Really Simple SSL Plugin up to 7.2.3 on WordPress server-side request forgery

CVE-2024-10709 | YaDisk Files Plugin up to 1.2.5 on WordPress Shortcode Attribute cross site scripting