CVE-2026-2669 identifies an improper access control vulnerability in the Rongzhitong Visual Integrated Command and Dispatch Platform up to version 20260206. The issue lies in the /dm/dispatch/user/delete endpoint within the User Handler component, where manipulation of the ID parameter allows unauthorized deletion of user accounts. This vulnerability does not require authentication, user interaction, or privileges, and can be exploited remotely over the network with low complexity. The improper access control means that the system fails to verify whether the requesting entity has the necessary permissions to perform user deletions, leading to potential unauthorized administrative actions. The vendor was contacted early but has not responded or provided patches, and exploit details have been publicly disclosed, increasing the risk of exploitation. The CVSS v4.0 base score is 6.9 (medium severity), reflecting the moderate impact on confidentiality, integrity, and availability, with no scope change or user interaction needed. The vulnerability could allow attackers to disrupt operations by deleting critical user accounts, potentially causing denial of service or loss of administrative control in command and dispatch environments. Given the nature of the platform, which is likely used in public safety, emergency response, or similar critical infrastructure sectors, the impact could be significant if exploited.

The vulnerability allows remote attackers to delete user accounts without authentication or privileges, directly impacting system integrity and availability. Unauthorized user deletions can disrupt operational continuity, especially in command and dispatch systems where user roles and access are critical for managing emergency responses or public safety operations. This could lead to denial of service conditions, loss of administrative control, or unauthorized access if attackers remove legitimate users and potentially create or escalate accounts through chained attacks. The confidentiality impact is limited, but integrity and availability impacts are moderate to high depending on the deployment context. Organizations relying on this platform for critical operations may face operational disruptions, reputational damage, and potential safety risks. The lack of vendor response and public exploit availability increases the likelihood of active exploitation attempts.

Since no official patch or vendor response is available, organizations should implement compensating controls immediately. These include restricting network access to the affected endpoint (/dm/dispatch/user/delete) via firewalls or network segmentation to trusted administrators only. Implement strict monitoring and alerting on user deletion activities and anomalous API calls. Employ Web Application Firewalls (WAFs) with custom rules to detect and block unauthorized requests targeting the vulnerable endpoint. Conduct thorough audits of user accounts and permissions to identify unauthorized deletions or suspicious activity. If possible, disable or restrict the vulnerable functionality until a patch is released. Engage with Rongzhitong for updates and consider alternative solutions if the risk cannot be mitigated adequately. Regular backups of user data and configurations should be maintained to enable recovery from malicious deletions. Finally, educate administrators about the vulnerability and encourage vigilance against suspicious activities.