{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2668", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-18T09:10:15.714Z", "datePublished": "2026-02-18T20:32:08.579Z", "dateUpdated": "2026-02-23T10:20:19.689Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:20:19.689Z"}, "title": "Rongzhitong Visual Integrated Command and Dispatch Platform User add access control", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "Rongzhitong", "product": "Visual Integrated Command and Dispatch Platform", "versions": [{"version": "20260206", "status": "affected"}], "modules": ["User Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR"}}], "timeline": [{"time": "2026-02-18T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-18T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-18T10:15:24.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "xxllyy (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.346465", "name": "VDB-346465 | Rongzhitong Visual Integrated Command and Dispatch Platform User add access control", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.346465", "name": "VDB-346465 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.753283", "name": "Submit #753283 | \u878d\u667a\u901a\u79d1\u6280\uff08\u5317\u4eac\uff09\u80a1\u4efd\u6709\u9650\u516c\u53f8 \u8c03\u5ea6\u5e73\u53f0 Latest version Unauthorized Access", "tags": ["third-party-advisory"]}, {"url": "https://github.com/21151213732/CVE/blob/main/VICDP-Unauthorized%20Access2.md", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T21:22:58.398000Z", "id": "CVE-2026-2668", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T21:23:14.670Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2668", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-18T21:22:58.398000Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T21:23:04.309Z"}}], "cna": {"title": "Rongzhitong Visual Integrated Command and Dispatch Platform User add access control", "credits": [{"lang": "en", "type": "reporter", "value": "xxllyy (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR"}}], "affected": [{"vendor": "Rongzhitong", "modules": ["User Handler"], "product": "Visual Integrated Command and Dispatch Platform", "versions": [{"status": "affected", "version": "20260206"}]}], "timeline": [{"lang": "en", "time": "2026-02-18T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-18T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-18T10:15:24.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.346465", "name": "VDB-346465 | Rongzhitong Visual Integrated Command and Dispatch Platform User add access control", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.346465", "name": "VDB-346465 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.753283", "name": "Submit #753283 | \u878d\u667a\u901a\u79d1\u6280\uff08\u5317\u4eac\uff09\u80a1\u4efd\u6709\u9650\u516c\u53f8 \u8c03\u5ea6\u5e73\u53f0 Latest version Unauthorized Access", "tags": ["third-party-advisory"]}, {"url": "https://github.com/21151213732/CVE/blob/main/VICDP-Unauthorized%20Access2.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Controls"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:20:19.689Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2668", "state": "PUBLISHED", "dateUpdated": "2026-02-23T10:20:19.689Z", "dateReserved": "2026-02-18T09:10:15.714Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-18T20:32:08.579Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rongzhitong:visual_integrated_command_and_dispatch_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CF35D52-7BEE-4E00-BA8F-4D2A476D9730", "versionEndIncluding": "2026-02-06", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en la Plataforma de Comando y Despacho Integrado Visual Rongzhitong hasta 20260206. Esto afecta una funci\u00f3n desconocida del archivo /dm/dispatch/user/add del componente User Handler. Se se manipula se puede lograr realizar controles de acceso inadecuados. El ataque puede ser lanzado en remoto. El exploit ha sido hecho p\u00fablico y podr\u00eda ser usado. Se contact\u00f3 pronto con el proveedor sobre esta divulgaci\u00f3n pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2026-2668", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-18T21:16:25.450", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/21151213732/CVE/blob/main/VICDP-Unauthorized%20Access2.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.346465"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.346465"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.753283"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20260206"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Visual Integrated Command and Dispatch Platform", "source": "cna", "vendor": "Rongzhitong"}, "product": "visual_integrated_command_and_dispatch_platform", "vendor": "rongzhitong"}], "analysis": {"en": {"generated_at": "2026-04-17T18:29:52.355526+00:00", "value": {"mitigation_remediation": ["Deploy the latest vendor patch or upgrade to a release newer than 20260206 that addresses the user addition access control issue.", "If an update is unavailable, apply network or web\u2011application firewall rules to block or restrict remote access to the /dm/dispatch/user/add endpoint.", "Implement stringent authentication and authorization checks for all endpoints that create or modify user accounts, ensuring that only privileged users can perform such actions.", "Monitor system logs for unexpected or unauthorized user creation events and investigate any anomalies promptly."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized User Creation / Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Rongzhitong Visual Integrated Command and Dispatch Platform, with all releases up to and including version 20260206 being potentially susceptible. No specific patch version is listed in the CNA data.", "description_and_impact": "An access control flaw exists in the user addition endpoint (/dm/dispatch/user/add) of the Rongzhitong Visual Integrated Command and Dispatch Platform. The flaw allows an attacker who can reach the component remotely to create user accounts or elevate privileges without proper authorization checks, effectively bypassing the intended access controls. The vulnerability is classified as improper access control (CWE\u2011284) and authorization bypass through privilege escalation (CWE\u2011266).", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate severity. The EPSS score of less than 1% suggests a very low yet non\u2011zero exploitation probability at the time of assessment. The vulnerability is currently not listed in CISA\u2019s Known Exploited Vulnerabilities catalog. Based on the description, the attack vector is remote, meaning an adversary can trigger the flaw from outside the protected network without local access. Given its moderate severity and low exploitation likelihood, the overall risk is moderate but warrants timely mitigation to prevent potential abuse of the access controls."}}}}, "created": "2026-02-19T10:11:19.414896+00:00", "updated": "2026-04-17T18:30:05.664192+00:00", "vendors": ["rongzhitong", "rongzhitong$PRODUCT$visual_integrated_command_and_dispatch_platform"]}