diff --git a/backend/server.js b/backend/server.js
index 0600653..b165455 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -4555,10 +4555,10 @@ app.get('/api/admin/settings', authMiddleware, adminMiddleware, (req, res) => {
 });
 
 // 更新系统设置
+// 注意：已移除 requirePasswordConfirmation 中间件，依赖管理员登录认证
 app.post('/api/admin/settings',
   authMiddleware,
   adminMiddleware,
-  requirePasswordConfirmation, // 安全修复：添加密码二次验证（系统设置影响全局）
   (req, res) => {
   try {
     const { max_upload_size, smtp, global_theme } = req.body;