CVE-2026-22230 HIGH

CVE-2026-22230: OPEXUS eCASE Audit incorrect access control

Vendor Opexus

Product eCASE Audit

Weakness CWE-863 · Incorrect authorization

Published January 8, 2026

Last update January 16, 2026

View on NVD All CVEs

CVSS base score

7.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0.

Key dates

02Disclosure timeline

January 8, 2026 CVE published

January 16, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-22230 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

CVE-2026-22230: OPEXUS eCASE Audit incorrect access control

01Description

02Disclosure timeline

03References

04Related CVE