anonhaven
Ad

CVE-2026-32867

MEDIUM CVSS 4.0: 5.3 EPSS 0.08%
Updated Mar 30, 2026
Opexustech
Parameter Value
CVSS 5.3 (MEDIUM)
Affected Versions before 10.1.0.0
Fixed In 10.1.0.0
Type CWE-639 (Authorization Bypass), CWE-425 (Direct Request / Forced Browsing)
Vendor Opexustech
Public PoC No

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
Passive
Minimal interaction

Impact Assessment

Confidentiality
None
No data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-639 Authorization Bypass
CWE-425 Direct Request / Forced Browsing

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Opexustech Ecase_Ecomplaint
cpe:2.3:a:opexustech:ecase_ecomplaint:*:*:*:*:*:*:*:*
 10.1.0.0

References 2

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025…
9119a7d8-5eab-497f-8521-727c672e3725
https://www.cve.org/CVERecord?id=CVE-2026-32867
9119a7d8-5eab-497f-8521-727c672e3725
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-32869

Opexustech

5.1

CVE-2026-32868

Opexustech

5.1

CVE-2026-32866

Opexustech

5.1

CVE-2026-32865

Opexustech

9.2

CVE-2026-22230

Opexustech

7.2