
CVE-2026-2075: Improper Access Controls in yeqifu warehouse

Severity: Medium
Published: Sat Feb 07 2026 (02/07/2026, 05:02:08 UTC)
Source: CVE Database V5
Vendor/Project: yeqifu
Product: warehouse

Description

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The manipulation results in improper access controls. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

AI-Powered Analysis

AI analysis last updated: 02/07/2026, 05:44:29 UTC

Technical Analysis

CVE-2026-2075 identifies an improper access control vulnerability in yeqifu warehouse, specifically in the saveRolePermission method of RoleController.java, the handler that binds permissions to roles. Because that binding decides what every user of the system may do, it is one of the most security-sensitive write paths in the application. The defect is that the handler does not adequately verify that the requesting user is authorized to modify role permissions before it persists the change. An attacker who can reach the endpoint with an ordinary account can therefore rewrite the permission set of a role, including a role they hold themselves, and escalate to administrative capabilities or reach functions they were never granted.

The issue is exploitable over the network and needs no user interaction. The project follows a rolling-release model, so there are no affected or fixed version numbers to pin; the vulnerable state is identified only as commit aaf29962ba407d22d991781de28796ee7b4670e4 and earlier. The maintainers were notified through an issue report and had not responded at the time of publication, and no fix is available. Exploit details have been released publicly, which lowers the effort required to attack exposed deployments.

The CVSS 4.0 base score is 5.3 (medium). That score corresponds to a network-reachable, low-complexity attack by a low-privileged authenticated user, with no user interaction and low confidentiality, integrity and availability impact. The per-component impact is rated low because the metric captures the direct effect of a single request; in practice a rewritten role-permission binding hands the attacker every privilege the role carries from then on, so the operational consequences can be considerably larger than the score alone suggests.
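The following is an added illustration written for this page; it is not code from the yeqifu/warehouse project and does not reproduce the real RoleController. It models the flaw class described above in plain Java with no framework dependencies: a role-permission binding handler that writes to the store on the strength of the request alone, next to a hardened form that performs an explicit, deny-by-default authorization check before any write and refuses to grant permissions the caller does not already hold. The Principal type, the permission names ("role:edit", "goods:view", "user:delete") and the in-memory store are assumptions for the demonstration.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/*
 * Added illustration, not code from the yeqifu/warehouse project.
 * Models a role-permission binding endpoint that mutates state without
 * checking that the caller is allowed to, beside a hardened version.
 * Principal, the permission names and the in-memory store are assumptions.
 */
public class RolePermissionBindingDemo {

    /** Authenticated caller: identity plus the permissions already granted through their roles. */
    record Principal(String name, Set<String> permissions) {}

    /** In-memory stand-in for a role_permission table: roleId -> permission ids. */
    static final Map<Integer, Set<String>> ROLE_PERMISSIONS = new HashMap<>();

    /** Vulnerable shape: reaching the endpoint is treated as proof of authorization. */
    static void saveRolePermissionVulnerable(Principal caller, int roleId, Set<String> permissionIds) {
        ROLE_PERMISSIONS.put(roleId, new HashSet<>(permissionIds));
    }

    /** Hardened shape: explicit, deny-by-default authorization before any write. */
    static void saveRolePermissionHardened(Principal caller, int roleId, Set<String> permissionIds) {
        if (caller == null || !caller.permissions().contains("role:edit")) {
            String who = caller == null ? "anonymous" : caller.name();
            throw new SecurityException("caller " + who + " lacks role:edit");
        }
        // A caller may not bind a permission they do not hold themselves; otherwise a
        // user with role:edit could still escalate by attaching arbitrary permissions
        // to a role they are a member of.
        for (String p : permissionIds) {
            if (!caller.permissions().contains(p)) {
                throw new SecurityException("cannot grant " + p + " beyond caller's own permissions");
            }
        }
        ROLE_PERMISSIONS.put(roleId, new HashSet<>(permissionIds));
    }

    public static void main(String[] args) {
        int clerkRole = 2;
        ROLE_PERMISSIONS.put(clerkRole, new HashSet<>(Set.of("goods:view")));
        Principal clerk = new Principal("clerk", Set.of("goods:view"));

        // Vulnerable: a low-privilege user rewrites the permissions of their own role.
        saveRolePermissionVulnerable(clerk, clerkRole, Set.of("goods:view", "user:delete", "role:edit"));
        System.out.println("vulnerable: clerk role now holds " + ROLE_PERMISSIONS.get(clerkRole));

        // Hardened: the same request is refused and the store is unchanged.
        ROLE_PERMISSIONS.put(clerkRole, new HashSet<>(Set.of("goods:view")));
        try {
            saveRolePermissionHardened(clerk, clerkRole, Set.of("goods:view", "user:delete"));
        } catch (SecurityException e) {
            System.out.println("hardened: refused (" + e.getMessage() + ")");
        }
        System.out.println("hardened: clerk role still holds " + ROLE_PERMISSIONS.get(clerkRole));
    }
}
```

Compile and run with `javac RolePermissionBindingDemo.java && java RolePermissionBindingDemo` (Java 16 or later for records). The second check in the hardened method is a design choice rather than something the advisory states: a permission-management endpoint that only checks "may this user edit roles" still lets an editor who belongs to a role grant that role anything, so bounding grants by the caller's own effective permissions closes the self-escalation path as well.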

Potential Impact

For European organizations, this vulnerability poses a risk of unauthorized privilege escalation within yeqifu warehouse deployments: an attacker who can reach the role-permission endpoint with an ordinary account can change what that account's role is allowed to do, and from there read, alter or disrupt warehouse data and operations. Organizations that rely on yeqifu warehouse for supply chain or inventory management functions may therefore face operational disruption or loss of data integrity. The public availability of exploit details raises the likelihood of attempts, especially where the application is reachable from untrusted networks.

The medium severity rating indicates moderate risk in isolation, but the actual impact depends on the sensitivity of the data and processes the system manages. Entities with regulatory obligations around data protection and access control (for example GDPR) could face compliance exposure if unauthorized access leads to a personal-data breach. Because no official fix exists, compensating controls are needed now rather than after a patch. Sectors in which warehouse management systems are operationally critical, such as manufacturing, logistics and retail, are the most natural targets.

Mitigation Recommendations

1. Audit access control on yeqifu warehouse deployments immediately: enumerate which accounts can reach role and permission management functions and reduce that set to the administrators who need it.
2. Segment the network so the warehouse management system is not reachable from untrusted networks, and limit remote administrative access to trusted administrators.
3. Monitor for unusual or unauthorized changes to role permissions. Requests to the role-permission binding endpoint from any account that is not a designated permission administrator, or from an unauthenticated session, should raise a SIEM alert, as should any change to the permission set of a privileged role.
4. Require multi-factor authentication and strict identity verification for accounts with permission-management capability, so that a phished or reused password is not enough to reach the endpoint.
5. If feasible, restrict the saveRolePermission endpoint (and related role/permission APIs) at the reverse proxy or application gateway to administrator accounts and trusted source addresses until a fix is available, or disable it outright where role changes can be deferred.
6. Track the project for a fix. Because the maintainers have not responded, be prepared to apply a local patch that adds an explicit server-side authorization check to saveRolePermission rather than waiting for an upstream release.
7. A WAF or IPS can help, but with the caveat that the exploit request is a well-formed application request, so signature-style rules are of limited value; the effective rule is an allowlist that ties the endpoint to authenticated identity and source network.
8. Brief administrators on the vulnerability and on cautious permission management, including reviewing the current role-permission bindings for entries that nobody can account for.
9. Keep backups and incident response plans current so that a tampered permission model can be reverted and investigated quickly.
10. Review and harden overall role-based access control policy to minimize the privileges any single role carries, which limits what an attacker gains from rewriting one binding.
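The detection logic behind recommendations 3 and 7, as an added example written for this page rather than any tooling from the project: it parses a constructed access-log format, isolates requests to the role-permission binding endpoint and flags those made by an unauthenticated session or by an account outside the permission-administrator allowlist, keeping the HTTP status so that both accepted changes and rejected attempts are visible. The log format, the /role/saveRolePermission path, the account names and the allowlist are all assumptions; the sample lines are constructed, not captured from any system.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/*
 * Added detection example, not tooling from the yeqifu/warehouse project.
 * The log format, endpoint path, account names and allowlist are assumptions;
 * SAMPLE_LOG is constructed for the demonstration.
 */
public class RolePermissionChangeDetector {

    // Constructed sample lines: time, source address, user (or "-"), method, path, status.
    static final String[] SAMPLE_LOG = {
        "2026-02-07T10:01:02Z 10.0.0.5 user=admin POST /role/saveRolePermission?roleId=3&ids=1,2 200",
        "2026-02-07T10:02:11Z 10.0.0.9 user=clerk GET /goods/list 200",
        "2026-02-07T10:02:40Z 10.0.0.9 user=clerk POST /role/saveRolePermission?roleId=2&ids=1,2,3,4 200",
        "2026-02-07T10:03:05Z 198.51.100.7 user=- POST /role/saveRolePermission?roleId=1&ids=1 200",
        "2026-02-07T10:03:30Z 10.0.0.5 user=admin POST /role/saveRolePermission?roleId=2&ids=1 200",
        "2026-02-07T10:04:12Z 10.0.0.9 user=clerk POST /role/saveRolePermission?roleId=1&ids=1 403",
    };

    /** Accounts that are expected to change role-permission bindings (assumed allowlist). */
    static final Set<String> PERMISSION_ADMINS = Set.of("admin");

    /** Endpoint suffix to watch; the real mapping in the project is not stated in the advisory. */
    static final String ENDPOINT_SUFFIX = "/saveRolePermission";

    // time  src  user=<name>  method  path  [?query]  status
    static final Pattern LINE = Pattern.compile(
        "^(\\S+) (\\S+) user=(\\S+) (\\S+) (\\S+?)(?:\\?(\\S*))? (\\d{3})$");

    record Finding(String time, String src, String user, String path, String status, String reason) {}

    /** Returns one Finding per request to the endpoint that an administrator should look at. */
    static List<Finding> detect(String[] lines) {
        List<Finding> findings = new ArrayList<>();
        for (String line : lines) {
            Matcher m = LINE.matcher(line);
            if (!m.matches()) {
                continue; // unparseable line: skipped here, but count these in production
            }
            String time = m.group(1), src = m.group(2), user = m.group(3);
            String path = m.group(5), status = m.group(7);
            if (!path.endsWith(ENDPOINT_SUFFIX)) {
                continue;
            }
            boolean accepted = status.startsWith("2");
            if ("-".equals(user)) {
                findings.add(new Finding(time, src, user, path, status,
                    accepted ? "unauthenticated role-permission change accepted"
                             : "unauthenticated role-permission change attempted"));
            } else if (!PERMISSION_ADMINS.contains(user)) {
                findings.add(new Finding(time, src, user, path, status,
                    accepted ? "non-admin account changed role permissions"
                             : "non-admin account attempted role-permission change"));
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        for (Finding f : detect(SAMPLE_LOG)) {
            System.out.println(f);
        }
    }
}
```

Run with `javac RolePermissionChangeDetector.java && java RolePermissionChangeDetector`; on the constructed sample it reports the clerk's accepted change, the unauthenticated change and the clerk's rejected attempt, and stays silent on the administrator's requests. An accepted change by a non-admin is the signal that the missing authorization check has been exercised; a rejected attempt is still worth alerting on because it shows someone probing the endpoint, and in a deployment protected only by a proxy-level allowlist it is the proxy, not the application, that produces the 403.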


Technical Details

Data Version
5.2
Assigner Short Name
VulDB
Date Reserved
2026-02-06T07:50:14.598Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6986cde0f9fa50a62fe7f048

Added to database: 2/7/2026, 5:30:08 AM

Last enriched: 2/7/2026, 5:44:29 AM

Last updated: 2/7/2026, 8:12:56 AM


