CVE-2026-22230

Summary

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0.

Affected Software

VendorProductVersion RangeStatus
OPEXUSeCASE Audit11.4.0 < 11.14.1.0affected
OPEXUSeCASE Audit11.14.1.0unaffected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References