Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
5.3

Yeqifu Warehouse Has a Security Risk in Data Handling

CVE-2026-2851
Summary

A vulnerability in Yeqifu Warehouse's data handling system could allow unauthorized access to sensitive information. This means someone with the right tools could potentially view or alter data they shouldn't be able to. We recommend checking with the vendor for an update, as the exact version affected is unclear.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versionsFix available
yeqifu warehouse <= 2025-10-06 –
Original title
A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\re...
Original description
A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\InportController.java of the component Inport Endpoint. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0 6.5
nvd CVSS3.1 5.3
nvd CVSS4.0 5.3
Vulnerability type
CWE-266 Incorrect Privilege Assignment
CWE-284 Improper Access Control
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026