CVE-2026-0574
📋 TL;DR
This CVE describes an improper authorization vulnerability in the yeqifu warehouse software that allows vertical privilege escalation. Attackers can remotely exploit the saveUserRole function to gain unauthorized administrative privileges. All deployments using affected versions are vulnerable.
💻 Affected Systems
- yeqifu warehouse
📦 What is this software?
Warehouse by Yeqifu
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise where attackers gain administrative access, modify user roles, access sensitive data, and potentially pivot to other systems.
Likely Case
Unauthorized privilege escalation allowing attackers to modify user permissions, access restricted functionality, and potentially exfiltrate sensitive data.
If Mitigated
Limited impact with proper network segmentation, strong authentication, and monitoring detecting unauthorized role changes.
🎯 Exploit Status
Exploit requires some authentication but allows privilege escalation. Public proof-of-concept exists in GitHub repository.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None found
Restart Required: Yes
Instructions:
1. Check for updates from the yeqifu warehouse repository
2. Apply the latest version if available
3. Restart the application
4. Verify the saveUserRole function has proper authorization checks
🔧 Temporary Workarounds
Network Access Restriction
allRestrict access to the warehouse application to trusted networks only
Web Application Firewall Rules
allImplement WAF rules to block requests attempting to modify user roles without proper authorization
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the warehouse application
- Enhance monitoring for unauthorized role modification attempts and implement alerting
🔍 How to Verify
Check if Vulnerable:
Check if your deployment uses code from commit aaf29962ba407d22d991781de28796ee7b4670e4 or earlier in the UserController.java fileCheck Version:
Check git commit history or build metadata for the application versionVerify Fix Applied:
Verify the saveUserRole function includes proper authorization checks and role validation📡 Detection & Monitoring
Log Indicators:
- Unauthorized role modification attempts
- User privilege escalation events
- Failed authorization checks for saveUserRole function
Network Indicators:
- HTTP POST requests to user role modification endpoints from unauthorized sources
SIEM Query:
source="warehouse" AND (event="role_modification" OR event="privilege_escalation") AND result="success" AND user_role!="admin"🔗 References
- https://github.com/5i1encee/Vul/blob/main/Vertical_privilege_escalation_Vulnerability_in_Project_yeqifu_warehouse.md
- https://github.com/5i1encee/Vul/blob/main/Vertical_privilege_escalation_Vulnerability_in_Project_yeqifu_warehouse.md#poc
- https://vuldb.com/?ctiid.339458
- https://vuldb.com/?id.339458
- https://vuldb.com/?submit.729374
