CVE-2026-2669 identifies an improper access control vulnerability in the Rongzhitong Visual Integrated Command and Dispatch Platform version 20260206 and earlier. The vulnerability is located in the User Handler component, specifically in the /dm/dispatch/user/delete endpoint, where manipulation of the ID parameter allows unauthorized remote attackers to perform deletion operations without authentication or user interaction. This lack of proper authorization checks means that an attacker can remotely invoke this function to delete user accounts or potentially disrupt user management processes. The vulnerability has been publicly disclosed, and exploit code is available, although no known active exploitation in the wild has been reported yet. The vendor has not responded to disclosure attempts and has not provided patches, leaving systems exposed. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the network attack vector, low attack complexity, no privileges or user interaction required, and impacts on integrity and availability. Given the platform's role in command and dispatch operations, exploitation could lead to unauthorized user deletions, disrupting operational continuity and potentially causing denial of service or loss of control over dispatch functions. The absence of authentication requirements and the remote nature of the exploit make this vulnerability particularly concerning for critical infrastructure relying on this platform.

For European organizations, especially those in public safety, emergency services, or critical infrastructure sectors using the Rongzhitong Visual Integrated Command and Dispatch Platform, this vulnerability poses a significant risk. Exploitation could lead to unauthorized deletion of user accounts, potentially disabling legitimate users from accessing the system or disrupting command and dispatch workflows. This can degrade operational effectiveness, delay emergency responses, and compromise public safety. The integrity of user management is compromised, and availability may be affected if key accounts are deleted or system functions are disrupted. Given the platform’s role in integrated command and dispatch, such disruptions could have cascading effects on coordinated responses and critical decision-making processes. The lack of vendor response and patches increases the risk exposure for European entities relying on this software. Additionally, the public availability of exploit information raises the likelihood of opportunistic attacks targeting unpatched systems.

1. Implement strict network segmentation to isolate the Rongzhitong platform from general network access, restricting access to trusted management networks only. 2. Deploy Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom rules to detect and block requests targeting the /dm/dispatch/user/delete endpoint, especially those with suspicious or malformed ID parameters. 3. Enforce strong access control policies at the network and application layers, including IP whitelisting and VPN requirements for administrative access. 4. Monitor logs and network traffic for unusual deletion requests or repeated access attempts to the vulnerable endpoint. 5. If possible, disable or restrict the /dm/dispatch/user/delete functionality until a vendor patch is available. 6. Engage with the vendor or third-party security providers to seek patches or mitigations, and consider alternative platforms if the vendor remains unresponsive. 7. Conduct regular security audits and penetration testing focused on access control mechanisms within the platform. 8. Educate operational staff about the risks and signs of exploitation to ensure rapid detection and response.