Description
A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component User Handler. This manipulation of the argument ID causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-18
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote privileged user deletion via authorization bypass
Action: Patch
AI Analysis

Impact

A flaw was discovered in the Visual Integrated Command and Dispatch Platform that allows attackers to manipulate the ID parameter in the "/dm/dispatch/user/delete" endpoint. This manipulation overrides the platform’s access control, enabling an attacker to delete user accounts remotely. The vulnerability results in an authorization bypass that compromises the integrity of the user management subsystem and potentially facilitates further privilege escalation.

Affected Systems

The vulnerability affects Rongzhitong’s Visual Integrated Command and Dispatch Platform releases up to February 6 2026. It resides in the User Handler component responsible for processing deletion requests, but the vendor has not published specific patch versions or affected sub‑versions.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, while the EPSS score of less than 1 % suggests a low probability of exploitation in the wild. The vulnerability is publicly disclosed and can be exploited over the network, yet it has not been listed in the CISA KEV catalog, meaning it has not been recorded as part of a known exploitation campaign. However, the absence of a vendor fix and the remote nature of the attack elevate the risk for organizations running the vulnerable release.

Generated by OpenCVE AI on April 17, 2026 at 18:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued patch or upgrade to a non‑vulnerable version of the Visual Integrated Command and Dispatch Platform as soon as it becomes available.
  • Enforce strict role‑based access control on the "/dm/dispatch/user/delete" endpoint, ensuring only privileged administrators may perform deletions.
  • Restrict network exposure of the delete endpoint by limiting access to trusted internal networks or VPNs, and consider blocking it from external reach if not required.
  • If a patch is not yet available, temporarily disable or lock the delete functionality until remediation is applied.

Generated by OpenCVE AI on April 17, 2026 at 18:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:rongzhitong:visual_integrated_command_and_dispatch_platform:*:*:*:*:*:*:*:*

Fri, 20 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Feb 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Rongzhitong
Rongzhitong visual Integrated Command And Dispatch Platform
Vendors & Products Rongzhitong
Rongzhitong visual Integrated Command And Dispatch Platform

Wed, 18 Feb 2026 21:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component User Handler. This manipulation of the argument ID causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title Rongzhitong Visual Integrated Command and Dispatch Platform User delete access control
Weaknesses CWE-266
CWE-284
References
Metrics cvssV2_0

{'score': 6.4, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:W/RC:UR'}

cvssV3_0

{'score': 6.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:W/RC:R'}

cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:W/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Rongzhitong Visual Integrated Command And Dispatch Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T10:25:03.419Z

Reserved: 2026-02-18T09:10:18.617Z

Link: CVE-2026-2669

cve-icon Vulnrichment

Updated: 2026-02-20T19:34:09.843Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-18T22:16:27.177

Modified: 2026-02-26T20:31:05.987

Link: CVE-2026-2669

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T18:30:05Z

Weaknesses