CVE-2026-2851 is an access control vulnerability identified in the yeqifu warehouse software, specifically within the Inport Endpoint controller functions addInport, updateInport, and deleteInport. These functions are responsible for managing inbound inventory operations. The vulnerability arises due to improper enforcement of access controls, allowing remote attackers with limited privileges (PR:L) to execute these functions without requiring user interaction (UI:N). The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no authentication required (AT:N), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The flaw allows unauthorized manipulation of warehouse data, potentially leading to data tampering or disruption of inventory management processes. The product's rolling release model complicates version tracking and patch management. Despite early notification, the vendor has not yet issued a patch or response. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no active exploits have been reported to date.

The vulnerability can lead to unauthorized access and manipulation of critical warehouse inventory data, potentially causing inaccurate stock records, financial discrepancies, and operational disruptions. Attackers exploiting this flaw could add, update, or delete inbound inventory records, undermining data integrity and availability. This can affect supply chain reliability, lead to shipment errors, and damage organizational trust. Confidentiality impact is limited but present if sensitive inventory data is exposed or altered. The medium severity rating reflects the balance between ease of exploitation and the limited but meaningful impact on business operations. Organizations relying on yeqifu warehouse for inventory management are at risk of operational and reputational damage if this vulnerability is exploited.

Organizations should immediately audit and tighten access control policies around the Inport Endpoint functions, ensuring only authorized roles can perform add, update, or delete operations. Implement multi-factor authentication and role-based access control (RBAC) to restrict access. Network segmentation can limit exposure of the warehouse management system to trusted internal networks. Monitor logs for unusual activity related to inventory operations. Since no patch is currently available, consider deploying web application firewalls (WAFs) with custom rules to detect and block suspicious requests targeting the vulnerable endpoints. Engage with the vendor for updates and apply patches promptly once released. Additionally, conduct regular security assessments and penetration testing focused on access control mechanisms within the warehouse system.