CVE-2026-0574 identifies an improper authorization vulnerability in the yeqifu warehouse software, specifically within the saveUserRole function of the UserController.java component. This flaw arises because the function does not adequately verify whether the requesting user has sufficient privileges to modify user roles. As a result, an attacker with low-level privileges can remotely invoke this function to alter user roles, potentially escalating their access rights or disrupting role assignments. The vulnerability is exploitable remotely without requiring user interaction or elevated privileges beyond a low-level authenticated user, making it easier to exploit in environments where such access is possible. The product’s rolling release strategy means that affected versions cannot be precisely enumerated, complicating patch management and vulnerability tracking. Although no active exploitation in the wild has been reported, a public exploit is available, increasing the risk of future attacks. The CVSS 4.0 score of 5.3 reflects a medium severity, considering the ease of remote exploitation and the potential impact on system integrity and confidentiality. The vulnerability affects the request handler component responsible for managing user roles, a critical security function. Organizations using yeqifu warehouse should review access controls and implement compensating controls until patches or updates are available.

For European organizations, exploitation of this vulnerability could lead to unauthorized privilege escalation within the yeqifu warehouse system, allowing attackers to manipulate user roles and gain elevated access. This can compromise the confidentiality of sensitive data managed by the warehouse system, affect the integrity of role-based access controls, and potentially disrupt availability if roles are altered maliciously. Organizations in sectors relying on yeqifu warehouse for inventory or supply chain management could face operational disruptions and data breaches. The medium severity rating indicates a moderate risk, but the availability of a public exploit increases the urgency of mitigation. The rolling release model complicates patching, potentially prolonging exposure. European companies with integrated supply chains or critical infrastructure dependencies on this software are particularly vulnerable to targeted attacks leveraging this flaw.

1. Immediately audit and restrict access to the saveUserRole function, ensuring only fully authorized administrators can invoke it. 2. Implement additional authorization checks at the application or network level to validate user privileges before role modifications. 3. Monitor logs for unusual or unauthorized attempts to change user roles, enabling rapid detection of exploitation attempts. 4. Employ network segmentation to limit access to the yeqifu warehouse management interfaces from untrusted networks. 5. Engage with yeqifu vendor support channels to obtain patches or updates as they become available, given the rolling release strategy. 6. Consider deploying Web Application Firewalls (WAF) with custom rules to detect and block suspicious requests targeting the vulnerable endpoint. 7. Conduct regular security assessments and penetration tests focusing on authorization controls within the warehouse system. 8. Educate system administrators about the risks of improper authorization and the importance of strict role management policies.