CVE-2026-2668

7.3 HIGH

📋 TL;DR

This vulnerability allows unauthorized access to the user management functionality in Rongzhitong Visual Integrated Command and Dispatch Platform. Attackers can remotely exploit improper access controls to add users or perform other unauthorized actions. Organizations using affected versions of this platform are at risk.

💻 Affected Systems

Products:
  • Rongzhitong Visual Integrated Command and Dispatch Platform
Versions: Up to and including 20260206
Operating Systems: Unknown; the available information names no specific OS, so any platform the software runs on should be treated as affected.
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the User Handler component via the /dm/dispatch/user/add endpoint. No specific OS requirements mentioned in available information.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the command and dispatch platform, allowing attackers to create administrative accounts, access sensitive operational data, and potentially disrupt critical command functions.

🟠 Likely Case

Unauthorized user creation leading to privilege escalation, data exposure, and potential lateral movement within the affected system.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely and the exploit is publicly available.
🏢 Internal Only: HIGH - Even internally, the vulnerability allows unauthorized access to critical user management functions.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. The vulnerability requires no authentication and has simple exploitation steps.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Consider workarounds or alternative solutions.

🔧 Temporary Workarounds

Network Access Restriction (linux)

Block access to the vulnerable endpoint using network controls. Note that the string match below only sees plaintext HTTP payloads; it does not apply to TLS-encrypted traffic, and [PORT] is the port the platform listens on:

iptables -A INPUT -p tcp --dport [PORT] -m string --string "/dm/dispatch/user/add" --algo bm -j DROP

Web Application Firewall Rule (all)

Add a WAF rule to block requests to the vulnerable path:

Add rule: Block requests containing "/dm/dispatch/user/add" in URI

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the vulnerable system
  • Deploy additional authentication and authorization layers in front of the application

🔍 How to Verify

Check if Vulnerable:

Check whether a POST request to the /dm/dispatch/user/add endpoint sent without authentication is accepted rather than rejected, and compare the application version against the affected range.

Check Version:

Check application interface or configuration files for version information (specific command depends on deployment)

Verify Fix Applied:

Verify that unauthorized requests to /dm/dispatch/user/add are properly rejected with appropriate authentication/authorization errors.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized POST requests to /dm/dispatch/user/add
  • Unexpected user creation events
  • Failed authentication attempts followed by successful user management actions

Network Indicators:

  • HTTP POST requests to /dm/dispatch/user/add without proper authentication headers
  • Unusual traffic patterns to user management endpoints

SIEM Query:

source="web_logs" AND uri="/dm/dispatch/user/add" AND http_method="POST" AND (user="-" OR auth_status="failed")
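The log indicators above, implemented as an added Python check that is not part of this advisory or the vendor's software. It runs over constructed access-log lines in Combined Log Format; treating the web server's logged user field ("-" when absent) as the authentication marker is an assumption, since the platform's real log format is not given here.

```python
import re

# Constructed access-log lines in Combined Log Format (not real traffic); the
# third field is the user the web server authenticated, or "-" when there was none.
SAMPLE_LOG = """\
10.0.0.5 - - [06/Feb/2026:10:01:02 +0000] "POST /dm/dispatch/user/add HTTP/1.1" 200 152
10.0.0.9 - admin [06/Feb/2026:10:02:10 +0000] "POST /dm/dispatch/user/add HTTP/1.1" 200 152
10.0.0.5 - - [06/Feb/2026:10:03:00 +0000] "GET /dm/dispatch/index HTTP/1.1" 200 4102
10.0.0.7 - - [06/Feb/2026:10:04:00 +0000] "POST /dm/dispatch/login HTTP/1.1" 401 88
10.0.0.7 - - [06/Feb/2026:10:04:03 +0000] "POST /dm/dispatch/user/add HTTP/1.1" 200 152
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
VULN_PATH = "/dm/dispatch/user/add"  # endpoint named in the advisory

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def find_suspicious(log_text):
    """Scan the log in order and return (client_ip, reason) findings:
    unauthenticated_user_add   - POST to the user-add endpoint with no logged user was accepted (2xx);
    auth_failure_then_user_add - same client got a 401/403 earlier, then had a user-add accepted.
    """
    findings, failed_auth_ips = [], set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["status"] in ("401", "403"):
            failed_auth_ips.add(rec["ip"])
            continue
        accepted = rec["status"].startswith("2")
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        if rec["method"] == "POST" and path == VULN_PATH and accepted:
            if rec["user"] == "-":
                findings.append((rec["ip"], "unauthenticated_user_add"))
            if rec["ip"] in failed_auth_ips:
                findings.append((rec["ip"], "auth_failure_then_user_add"))
    return findings

if __name__ == "__main__":
    for ip, reason in find_suspicious(SAMPLE_LOG):
        print(f"{ip}: {reason}")
```

A request that was rejected (non-2xx) is deliberately not reported, so the output lists only accepted user-add calls, the cases that indicate the access-control defect was actually exercised.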
