CVE-2026-2107
📋 TL;DR
This CVE describes an improper authorization vulnerability in the yeqifu warehouse software's log info handler component. Attackers can remotely exploit this to perform unauthorized log operations like viewing or deleting log data. Any system running the affected yeqifu warehouse software is vulnerable.
💻 Affected Systems
- yeqifu warehouse
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could delete all system logs to cover tracks after a breach, manipulate audit trails, or exfiltrate sensitive information from logs.
Likely Case
Unauthorized access to log data, potential log deletion or manipulation affecting forensic investigations.
If Mitigated
Proper authorization controls would prevent unauthorized access, limiting impact to legitimate users only.
🎯 Exploit Status
The exploit has been made public and could be used. Attackers need some level of access but can exploit remotely once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: Yes
Instructions:
No official patch available. The project was informed but has not responded. Consider applying authorization controls manually to the affected functions.
🔧 Temporary Workarounds
Implement authorization middleware
Platform: all
Add proper authorization checks before the loadAllLoginfo, deleteLoginfo, and batchDeleteLoginfo functions execute
Manual code modification required - no automated commands
Network segmentation
Platform: linux
Restrict network access to the warehouse application to trusted networks only
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="TRUSTED_NETWORK" port port="APP_PORT" protocol="tcp" accept'
iptables -A INPUT -p tcp --dport APP_PORT -s TRUSTED_NETWORK -j ACCEPT
🧯 If You Can't Patch
- Implement network-level access controls to restrict who can reach the warehouse application
- Enable detailed logging and monitoring of all log access attempts to detect exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check if your yeqifu warehouse deployment uses code from commit aaf29962ba407d22d991781de28796ee7b4670e4 or earlier by examining the LoginfoController.java file
Check Version:
git log --oneline -1 (if using git) or check the specific commit hash in the codebase
Verify Fix Applied:
Test that unauthorized users cannot access loginfo endpoints and that proper authorization checks are implemented
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to /loginfo endpoints
- Multiple log deletion requests from single user
- Log access from unexpected IP addresses
Network Indicators:
- HTTP requests to /loginfo endpoints without proper authentication headers
- Burst of DELETE requests to log endpoints
SIEM Query:
source="warehouse_logs" AND (uri_path="/loginfo" OR uri_path="/deleteLoginfo" OR uri_path="/batchDeleteLoginfo") AND user="*" | stats count by src_ip, user
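Added example (not part of the original advisory or the yeqifu warehouse project): a Python script that applies the log indicators listed above to access-log lines. Only the handler names come from the advisory; the log layout, the sample lines, the trusted IP set and the burst threshold are constructed assumptions to adapt to your own web server or proxy logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Handler names come from the advisory; finding them in the URL path is an assumption.
READ_HANDLERS = {"loadAllLoginfo"}
DELETE_HANDLERS = {"deleteLoginfo", "batchDeleteLoginfo"}

# Constructed log layout (assumption): ip user [ISO time] "METHOD path" status
LINE_RE = re.compile(r'(\S+) (\S+) \[([^\]]+)\] "(\S+) (\S+)" (\d{3})')

# Constructed sample lines; "-" means no authenticated user was recorded.
SAMPLE_LOG = [
    '10.0.0.5 admin [2026-01-10T09:00:01] "GET /loginfo/loadAllLoginfo?page=1" 200',
    '10.0.0.9 clerk7 [2026-01-10T09:02:10] "POST /loginfo/deleteLoginfo?id=41" 200',
    '10.0.0.9 clerk7 [2026-01-10T09:02:12] "POST /loginfo/deleteLoginfo?id=42" 200',
    '10.0.0.9 clerk7 [2026-01-10T09:02:15] "POST /loginfo/batchDeleteLoginfo" 200',
    '203.0.113.7 - [2026-01-10T09:05:00] "GET /loginfo/loadAllLoginfo" 302',
    '10.0.0.5 admin [2026-01-10T09:06:00] "GET /goods/loadAllGoods" 200',
]

def detect(lines, trusted_ips, burst=3, window=timedelta(seconds=60)):
    """Return (rule, ip, user) alerts for the advisory's log indicators."""
    alerts, recent = [], defaultdict(deque)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ip, user, ts, _method, path, _status = m.groups()
        handler = path.split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]
        if handler not in READ_HANDLERS | DELETE_HANDLERS:
            continue  # not a log info handler request
        if user == "-":
            alerts.append(("unauthenticated_request", ip, user))
        if ip not in trusted_ips:
            alerts.append(("unexpected_source_ip", ip, user))
        if handler in DELETE_HANDLERS:
            when = datetime.fromisoformat(ts)
            q = recent[user]
            q.append(when)
            while when - q[0] > window:
                q.popleft()  # keep only deletions inside the sliding window
            if len(q) == burst:
                alerts.append(("delete_burst", ip, user))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, trusted_ips={"10.0.0.5", "10.0.0.9"}):
        print(alert)
```

Ship the access log to a host the warehouse application cannot write to, since the vulnerable handlers operate on the application's own log records.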