CVE-2026-2850
📋 TL;DR
This CVE describes an improper access control vulnerability in the yeqifu warehouse software's customer management endpoints. Attackers can manipulate addCustomer/updateCustomer/deleteCustomer functions to bypass authorization checks, potentially allowing unauthorized access to customer data or system manipulation. Organizations using affected versions of yeqifu warehouse are vulnerable.
💻 Affected Systems
- yeqifu warehouse
📦 What is this software?
Warehouse by Yeqifu
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of customer data including unauthorized creation, modification, or deletion of customer records, potentially leading to data integrity loss, privacy violations, or business disruption.
Likely Case
Unauthorized access to customer data, modification of customer information, or deletion of customer records by attackers with network access to the application.
If Mitigated
Proper access controls would prevent unauthorized operations, limiting impact to legitimate users with appropriate permissions only.
🎯 Exploit Status
Exploit details are publicly available in GitHub issues. Remote exploitation is possible but requires some level of access to the application endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: Yes
Instructions:
No official patch available. Monitor the GitHub repository for updates. Consider implementing workarounds or temporary fixes.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to the warehouse application endpoints to trusted IP addresses only
Use firewall rules to limit access to the application port (e.g., 8080, 8443) to authorized networks
Authentication Enforcement
Implement an additional authentication layer or API gateway with strict access controls
Configure reverse proxy with authentication (e.g., nginx with auth_basic, Apache with mod_auth)
🧯 If You Can't Patch
- Implement network segmentation to isolate the warehouse application from untrusted networks
- Enable detailed logging and monitoring of all customer endpoint access attempts
🔍 How to Verify
Check if Vulnerable:
Check if your deployment uses yeqifu warehouse commit aaf29962ba407d22d991781de28796ee7b4670e4 or earlier by examining the git commit history or build metadata
Check Version:
git log --oneline -1
Verify Fix Applied:
Test customer endpoint access controls by attempting unauthorized operations with different user roles
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to /customer endpoints
- Multiple failed authentication attempts followed by successful customer operations
- Customer data modifications from unexpected user accounts or IP addresses
Network Indicators:
- Unusual patterns of POST/PUT/DELETE requests to customer endpoints
- Requests bypassing normal authentication flows
SIEM Query:
source="warehouse.log" AND (uri_path="/customer" OR uri_path="/customer/*") AND (http_method="POST" OR http_method="PUT" OR http_method="DELETE") AND user="anonymous"
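The log indicators above, written as offline detection logic over application log lines. This is an added example, not code from the advisory or from the yeqifu warehouse project. The key=value log layout, the `src_ip` and `status` fields, the `/login` path, the paths under `/customer/`, the trusted network and the failure threshold are all assumptions to adapt to your deployment.

```python
import ipaddress
import re
from collections import Counter

WRITE_METHODS = {"POST", "PUT", "DELETE"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: your trusted range
FAIL_THRESHOLD = 3  # assumption: auth failures per IP before a write is suspicious

SAMPLE_LOG = """\
src_ip=10.0.0.5 user=alice http_method=POST uri_path=/customer/addCustomer status=200
src_ip=203.0.113.7 user=anonymous http_method=POST uri_path=/login status=401
src_ip=203.0.113.7 user=anonymous http_method=POST uri_path=/login status=401
src_ip=203.0.113.7 user=anonymous http_method=POST uri_path=/login status=401
src_ip=203.0.113.7 user=anonymous http_method=POST uri_path=/customer/deleteCustomer status=200
src_ip=198.51.100.9 user=bob http_method=POST uri_path=/customer/updateCustomer status=200
src_ip=10.0.0.5 user=alice http_method=GET uri_path=/customer status=200
"""  # constructed sample lines, not real traffic; key=value layout is assumed

def is_customer_write(ev):
    path = ev.get("uri_path", "")  # match /customer itself or anything below it
    return ev.get("http_method") in WRITE_METHODS and (
        path == "/customer" or path.startswith("/customer/"))

def detect(log_text):
    """Return (line_number, rule, src_ip) for every finding, in log order."""
    failures = Counter()  # auth failures seen so far, per source IP
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        ev = dict(re.findall(r"(\w+)=(\S+)", line))
        ip, status = ev.get("src_ip", "?"), ev.get("status", "")
        if status in ("401", "403"):
            failures[ip] += 1
            continue
        if not (is_customer_write(ev) and status.startswith("2")):
            continue  # only successful writes to customer endpoints matter here
        if ev.get("user", "anonymous") == "anonymous":
            findings.append((n, "unauthenticated_write", ip))
        if failures[ip] >= FAIL_THRESHOLD:
            findings.append((n, "write_after_auth_failures", ip))
        try:
            trusted = any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)
        except ValueError:  # missing or malformed address is never trusted
            trusted = False
        if not trusted:
            findings.append((n, "untrusted_source", ip))
    return findings

if __name__ == "__main__":
    print(*detect(SAMPLE_LOG), sep="\n")
```

Each finding names the log line, the rule that fired and the source address, so one request can raise several rules at once.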