PatchSiren cyber security CVE debrief
CVE-2026-22230 OPEXUS CVE debrief
CVE-2026-22230 is a HIGH-severity vulnerability in OPEXUS eCASE Audit, allowing an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. The vulnerability was published on January 8, 2026, and has a CVSS score of 7.6. The issue is fixed in eCASE Platform 11.14.1.0. Users of affected versions should upgrade to the latest version to prevent exploitation. OPEXUS eCASE Audit versions 11.4.0 to 11.14.1.0 are affected by this vulnerability.
- Vendor: OPEXUS
- Product: eCASE Audit
- CVSS: HIGH 7.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-08
- Original CVE updated: 2026-01-08
- Advisory published: 2026-01-08
- Advisory updated: 2026-01-08
Who should care
Administrators and users of OPEXUS eCASE Audit, particularly those using versions 11.4.0 to 11.14.1.0, should be aware of this vulnerability and take steps to upgrade to a fixed version. This vulnerability requires authentication and allows attackers to bypass access controls, potentially leading to unauthorized access to sensitive functions or data.
Technical summary
CVE-2026-22230 is a vulnerability in OPEXUS eCASE Audit that allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. The vulnerability has a CVSS score of 7.6 and is classified as HIGH severity. The issue arises from inadequate access control mechanisms in the affected versions of eCASE Audit. The Common Vulnerability Scoring System (CVSS) vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L.
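The weakness class described above, shown as an added example that is not code from OPEXUS or from the advisory: a handler that relies on the browser to keep a disabled button unreachable, next to one that re-checks the administrator's policy on the server for every request. The role names, action identifiers and policy shape are hypothetical.

```javascript
// Added illustration: role names, action ids and the policy shape are
// hypothetical, not taken from eCASE. All sample data is constructed.

// Actions an administrator has disabled, per role.
const adminPolicy = {
  auditor: new Set(["export_report", "delete_finding"]),
  manager: new Set(),
};

// Drives the UI: tells the browser which buttons to grey out.
// This is presentation only; the user controls everything that runs client-side.
function renderButtons(role, actions) {
  return actions.map((action) => ({
    action,
    disabled: adminPolicy[role]?.has(action) ?? true, // unknown role: all disabled
  }));
}

// Weak pattern: assumes a disabled button can never be submitted, so any
// authenticated session may invoke any action.
function handleActionClientTrusting(session, request) {
  if (!session.authenticated) return { status: 401 };
  return { status: 200, performed: request.action };
}

// Hardened pattern: the policy that drives the UI is evaluated again on the
// server. The role comes from the server-side session, never from the request,
// and each denial is recorded so monitoring can surface repeated attempts.
function handleActionServerEnforced(session, request, auditLog) {
  if (!session.authenticated) return { status: 401 };
  const disabled = adminPolicy[session.role];
  if (!disabled || disabled.has(request.action)) { // deny by default
    auditLog.push({ user: session.user, action: request.action, result: "denied" });
    return { status: 403 };
  }
  return { status: 200, performed: request.action };
}
```

The denial records written by the hardened handler are the signal the monitoring recommendation depends on: a request for an action the UI never offered to that user.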
Defensive priority
This vulnerability should be prioritized for remediation due to its HIGH severity and potential impact on access control. Administrators should upgrade to version 11.14.1.0 or later as soon as possible to mitigate the risk.
Recommended defensive actions
- Upgrade to eCASE Platform 11.14.1.0 or later
- Review and restrict access to sensitive functions and data
- Monitor for suspicious activity and unauthorized access attempts
- Implement additional security measures, such as web application firewalls and intrusion detection systems
- Verify the integrity of client-side JavaScript and HTTP requests
Evidence notes
The vulnerability is documented in the CISA CSAF file and the CVE record. The source item URL provides additional details on the affected products and versions. The NVD detail page also provides information on the vulnerability.
Official resources
- CVE-2026-22230 CVE record (CVE.org)
- CVE-2026-22230 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
- Source reference (Reference)
This article is AI-assisted and based on the supplied source corpus.