CVE-2026-2668: Improper Access Controls in Rongzhitong Visual Integrated Command and Dispatch Platform
A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2026-2668 identifies an improper access control vulnerability in the Rongzhitong Visual Integrated Command and Dispatch Platform, specifically affecting the /dm/dispatch/user/add function within the User Handler component. This flaw allows remote attackers to bypass authentication and authorization mechanisms, enabling unauthorized manipulation of user-related operations. The vulnerability is exploitable over the network without requiring any privileges or user interaction, increasing its risk profile. The CVSS 4.0 base score of 6.9 reflects a medium severity, considering the ease of exploitation and the potential impact on confidentiality, integrity, and availability, albeit with limited scope and no privilege escalation. The vendor has not issued a patch or official response, despite early notification, and a public exploit has been disclosed, raising the risk of exploitation. The platform is typically used in command and dispatch environments, which are critical for public safety and emergency response, making this vulnerability particularly sensitive. The lack of authentication requirements and the ability to remotely trigger the flaw mean attackers could potentially add or manipulate user accounts or dispatch commands, disrupting operations or gaining further access. No mitigations or patches have been published, necessitating immediate defensive measures by affected organizations.
Potential Impact
The vulnerability could allow attackers to perform unauthorized actions on the command and dispatch platform, potentially leading to unauthorized access to sensitive operational data, manipulation of dispatch commands, or disruption of emergency response workflows. This could degrade the integrity and availability of critical public safety systems, causing delays or errors in emergency services. Confidentiality may also be compromised if attackers access sensitive user or operational data. The remote, unauthenticated nature of the exploit increases the likelihood of attacks, especially in environments exposed to untrusted networks. The absence of vendor patches and the existence of public exploits elevate the risk of exploitation. Organizations relying on this platform for critical infrastructure or emergency management face operational risks, reputational damage, and potential regulatory consequences if the vulnerability is exploited.
Mitigation Recommendations
Since no official patch is available, organizations should implement immediate compensating controls:
- Isolate the affected platform within a secure network segment with strict firewall rules limiting access to trusted IPs only.
- Employ network intrusion detection and prevention systems to monitor and block suspicious traffic targeting the /dm/dispatch/user/add endpoint.
- Enforce strong authentication and authorization policies at network and application layers where possible, including VPN access or zero-trust network access solutions.
- Conduct thorough logging and continuous monitoring of user management and dispatch-related activities to detect anomalies.
- Engage with the vendor for updates and consider alternative platforms if remediation is delayed.
- Conduct security awareness training for administrators to recognize and respond to potential exploitation attempts.
- Regularly review and update incident response plans to address potential exploitation scenarios involving this vulnerability.
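One way to implement the monitoring recommendation for /dm/dispatch/user/add, as an added example that is not part of the original advisory or the vendor's code. It assumes a reverse proxy in front of the platform that writes combined-format access logs; the trusted networks and the sample log lines are constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

WATCHED_PATH = "/dm/dispatch/user/add"  # endpoint named in the advisory
# Assumption: management networks allowed to reach the platform (constructed values).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]
# Assumption: the fronting proxy logs in combined format.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '10.20.0.15 - - [18/Feb/2026:09:12:01 +0000] "POST /dm/dispatch/user/add HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Feb/2026:09:14:33 +0000] "POST /dm/dispatch/user/add HTTP/1.1" 200 87 "-" "-"',
    '203.0.113.50 - - [18/Feb/2026:09:15:02 +0000] "POST /dm//dispatch/user/add/?t=1 HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.7 - - [18/Feb/2026:09:16:40 +0000] "GET /dm/dispatch/user/list HTTP/1.1" 200 512 "-" "-"',
]

def normalise(target):
    """Reduce a request target to a canonical path so spelling variants still match."""
    path = unquote(target.split("?", 1)[0])   # drop query string, decode %xx
    path = re.sub(r";[^/]*", "", path)        # drop ;param=value path parameters
    path = re.sub(r"/+", "/", path)           # collapse repeated slashes
    return posixpath.normpath(path).lower()   # resolve ./.., trailing slash, case

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False                          # unparseable source counts as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def find_alerts(lines):
    """Return (timestamp, source, method, target, status) for watched-path hits from untrusted sources."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalise(m["target"]) != WATCHED_PATH:
            continue
        if not is_trusted(m["src"]):
            alerts.append((m["ts"], m["src"], m["method"], m["target"], int(m["status"])))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

Matching on the normalised path rather than the raw request line keeps the rule from being sidestepped by a doubled slash, trailing slash or query string; the same normalisation applies to any IDS/IPS signature written for this endpoint.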
Affected Countries
China, United States, Russia, India, South Korea, Japan, Germany, France, United Kingdom, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-18T09:10:15.714Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 699631fa6aea4a407aeb569a
Added to database: 2/18/2026, 9:41:14 PM
Last enriched: 2/28/2026, 1:37:58 PM
Last updated: 4/4/2026, 9:12:04 PM