CVE-2026-2105 is an improper authorization vulnerability identified in the yeqifu warehouse software, specifically within the Department Management component's addDept, updateDept, and deleteDept functions in DeptController.java. This flaw allows an attacker to perform unauthorized operations on department data by bypassing intended access controls. The vulnerability is remotely exploitable and requires low privileges (PR:L), meaning the attacker must have some authenticated access but no elevated privileges. No user interaction is needed, and the attack vector is network-based (AV:N). The vulnerability impacts confidentiality, integrity, and availability at a low level, as unauthorized modifications to department data could disrupt organizational operations or leak sensitive information. The software's rolling release approach means affected and fixed versions are not clearly delineated, and the vendor has not yet issued a patch or official response. An exploit has been published, increasing the risk of exploitation despite no current reports of active attacks. The CVSS 4.0 score of 5.3 reflects a medium severity, balancing ease of exploitation with limited scope and impact. Organizations relying on yeqifu warehouse should be aware of this vulnerability and implement compensating controls until a patch is available.

The improper authorization vulnerability in yeqifu warehouse could allow attackers with low-level privileges to manipulate department data without proper authorization. This can lead to unauthorized creation, modification, or deletion of department records, potentially disrupting organizational workflows, causing data integrity issues, and leaking sensitive internal structure information. While the impact on confidentiality and availability is limited, integrity violations could affect business processes and decision-making. The remote exploitability and published exploit code increase the risk of targeted attacks, especially in environments where yeqifu warehouse is used for critical departmental management. Organizations may face operational disruptions, compliance risks, and reputational damage if exploited. The lack of vendor response and patch availability prolongs exposure, necessitating immediate mitigation efforts.

1. Implement strict access control policies restricting who can access department management functions, ensuring only trusted and necessary users have such privileges. 2. Employ network segmentation and firewall rules to limit access to the yeqifu warehouse application, especially restricting access to the DeptController endpoints. 3. Monitor logs and audit trails for unusual activity related to department creation, updates, or deletions to detect potential exploitation attempts early. 4. Use Web Application Firewalls (WAFs) to detect and block suspicious requests targeting the vulnerable functions. 5. Engage in proactive vulnerability scanning and penetration testing focused on authorization controls within the application. 6. Contact the vendor or maintainers for updates and patches, and plan for rapid deployment once available. 7. Consider temporary compensating controls such as disabling or restricting the affected functions if feasible until a patch is released. 8. Educate internal users about the risk and encourage reporting of suspicious behavior related to department management.