PT-2026-2172 · Opexus · Opexus Ecase+1

Aaron M. Ramirez

Published

2026-01-08

Updated

2026-01-26

CVE-2026-22230

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.1.0

Description An authenticated attacker can modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. The issue involves incorrect access control.

Recommendations Update to eCASE Platform version 11.14.1.0 or later.

Fix

LPE

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2026-22230

Affected Products

Opexus Ecase

Ecase Platform

PT-2026-2172 · Opexus · Opexus Ecase+1

CVE-2026-22230

Weakness Enumeration

Related Identifiers

Affected Products

References · 9