CVE-2026-0574— yeqifu warehouse Request UserController.java saveUserRole improper authorization
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-0574
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
yeqifu warehouse Request UserController.java saveUserRole improper authorization
Source: NVD (National Vulnerability Database)
Vulnerability Description
A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function saveUserRole of the file warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component Request Handler. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
warehouse 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
warehouse是yeqifu个人开发者的一个基于spring boot的中小型仓库物流管理系统。 warehouse存在授权问题漏洞,该漏洞源于文件warehousesrcmainjavacomyeqifusyscontrollerUserController.java中函数saveUserRole的授权不当,可能导致权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-0574
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-0574
请登录查看更多情报信息。
- https://vuldb.com/?submit.729374third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-0574
IV. Related Vulnerabilities
Same product: warehouse
- CVE-2026-2852
yeqifu warehouse Sales Endpoint SalesController.java deleteS - CVE-2026-2851
yeqifu warehouse Inport Endpoint InportController.java delet - CVE-2026-2850
yeqifu warehouse Customer Endpoint CustomerController.java d - CVE-2026-2849
yeqifu warehouse Cache Sync CacheController.java syncCache a - CVE-2026-2107
yeqifu warehouse Log Info LoginfoController.java batchDelete
Same vendor: yeqifu
- CVE-2026-2852
yeqifu warehouse Sales Endpoint SalesController.java deleteS - CVE-2026-2851
yeqifu warehouse Inport Endpoint InportController.java delet - CVE-2026-2850
yeqifu warehouse Customer Endpoint CustomerController.java d - CVE-2026-2849
yeqifu warehouse Cache Sync CacheController.java syncCache a - CVE-2026-2107
yeqifu warehouse Log Info LoginfoController.java batchDelete
Same weakness: CWE-285
- CVE-2026-8241
Industrial Application Software IAS Canias ERP RMI iasGetSer - CVE-2026-42202
nova-toggle-5: Improper authorization on toggle endpoint all - CVE-2026-33823
Microsoft Team Events Portal Information Disclosure Vulnerab - CVE-2026-41572
Note Mark: Unauthenticated read of notes and assets in soft- - CVE-2026-7713
crocodilestick Calibre-Web-Automated Kobo auth-token Route k
V. Comments for CVE-2026-0574
No comments yet