CVE-2026-0571
📋 TL;DR
This CVE describes a path traversal vulnerability in the yeqifu warehouse software that allows attackers to read arbitrary files on the server by manipulating the 'path' parameter in the createResponseEntity function. The vulnerability can be exploited remotely without authentication, potentially exposing sensitive system files. All deployments of yeqifu warehouse up to commit aaf29962ba407d22d991781de28796ee7b4670e4 are affected.
💻 Affected Systems
- yeqifu warehouse
📦 What is this software?
Warehouse by Yeqifu
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive system files like /etc/passwd, configuration files, or application secrets, leading to complete system compromise if credentials are exposed.
Likely Case
Unauthorized reading of application files, configuration data, or user-uploaded content, potentially enabling further attacks or data exfiltration.
If Mitigated
Limited to reading files within the application's intended directory scope with proper input validation and access controls.
🎯 Exploit Status
Public proof-of-concept demonstrates arbitrary file reading via path traversal. The exploit is simple and requires minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown - rolling release model
Vendor Advisory: None found
Restart Required: Yes
Instructions:
1. Update to a version after commit aaf29962ba407d22d991781de28796ee7b4670e4
2. Restart the application
3. Verify the fix by testing path traversal attempts
🔧 Temporary Workarounds
Input Validation Filter
Implement input validation to reject path traversal sequences like '../' in the path parameter
// Java (java.nio.file.Path/Paths): resolve the request against the intended base directory and reject anything that escapes it; stripping "../" with replaceAll alone is bypassable. baseDir is the application's file root
Path base = Paths.get(baseDir).toAbsolutePath().normalize();
Path resolved = base.resolve(path).normalize();
if (!resolved.startsWith(base)) throw new IllegalArgumentException("Path traversal rejected");
Web Application Firewall Rule
Block requests containing path traversal patterns in URL parameters
# Example ModSecurity rule to block ../ patterns (t:urlDecodeUni also catches double-encoded variants)
SecRule ARGS "@contains ../" "id:1001,phase:2,t:urlDecodeUni,deny,status:403,msg:'Path traversal attempt'"
🧯 If You Can't Patch
- Implement network segmentation to restrict access to affected systems
- Deploy a web application firewall with path traversal detection rules
🔍 How to Verify
Check if Vulnerable:
Test by sending a request with path traversal sequences like '../../etc/passwd' to the vulnerable endpoint and checking whether file contents are returned.
Check Version:
Check git commit hash: git log --oneline -1
Verify Fix Applied:
Attempt the same path traversal attack after patching - it should return an error or sanitized path instead of file contents.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' patterns in URL parameters
- Unusual file access patterns from web requests
- 403 errors after implementing WAF rules
Network Indicators:
- HTTP GET/POST requests with path traversal sequences
- Unusual file read patterns from web server
SIEM Query:
source="web_logs" AND (url="*../*" OR parameters="*../*")
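As an added example (not part of the advisory or the yeqifu project), the following Python script applies the log indicators above to constructed access-log lines, percent-decoding the URL before matching so that encoded and double-encoded traversal sequences, which the plain `*../*` SIEM pattern misses, are flagged as well. It assumes combined-format web logs and summarises attempts and successful (2xx) reads per source address.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined format); not taken from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2026:10:01:02 +0000] "GET /file?path=report.pdf HTTP/1.1" 200 5120
10.0.0.9 - - [12/Jan/2026:10:01:07 +0000] "GET /file?path=../../../../etc/passwd HTTP/1.1" 200 1831
10.0.0.9 - - [12/Jan/2026:10:01:09 +0000] "GET /file?path=..%2f..%2fWEB-INF/web.xml HTTP/1.1" 200 940
10.0.0.9 - - [12/Jan/2026:10:01:11 +0000] "GET /file?path=%252e%252e%252fetc%252fshadow HTTP/1.1" 403 0
10.0.0.7 - - [12/Jan/2026:10:01:15 +0000] "GET /static/app.js HTTP/1.1" 200 22000
"""

# ip, timestamp, method, request URL and status code from a combined-format line
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
# "../" or "..\" anywhere in the decoded URL
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded sequences are seen too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal(log_text):
    """Return one record per request whose decoded URL contains a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        decoded = decode_fully(m.group("url"))
        if TRAVERSAL_RE.search(decoded):
            hits.append({"ip": m.group("ip"), "url": m.group("url"),
                         "decoded": decoded, "status": int(m.group("status"))})
    return hits


def summarize_by_source(hits):
    """Count attempts and successful (2xx) reads per source IP, e.g. to confirm a WAF rule now returns 403."""
    summary = {}
    for h in hits:
        entry = summary.setdefault(h["ip"], {"attempts": 0, "succeeded": 0})
        entry["attempts"] += 1
        if 200 <= h["status"] < 300:
            entry["succeeded"] += 1
    return summary
```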
🔗 References
- https://github.com/5i1encee/Vul/blob/main/Arbitrary%20File%20Read%20Vulnerability%20in%20Project%20yeqifu%20warehouse.md
- https://github.com/5i1encee/Vul/blob/main/Arbitrary%20File%20Read%20Vulnerability%20in%20Project%20yeqifu%20warehouse.md#poc
- https://vuldb.com/?ctiid.339385
- https://vuldb.com/?id.339385
- https://vuldb.com/?submit.729331