Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
5.3

Yeqifu Warehouse Unsecured Sales Data Function

CVE-2026-2852
Summary

A security issue in Yeqifu Warehouse's sales data management function allows unauthorized access and potentially malicious changes to sales data. This could happen remotely and affects the security of sensitive business information. Until a fix is released, consider alternative sales data management options or temporary workarounds to maintain data integrity.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versionsFix available
yeqifu warehouse <= 2025-10-06 –
Original title
A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehou...
Original description
A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java of the component Sales Endpoint. The manipulation leads to improper access controls. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0 6.5
nvd CVSS3.1 6.3
nvd CVSS4.0 5.3
Vulnerability type
CWE-266 Incorrect Privilege Assignment
CWE-284 Improper Access Control
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026