PT-2026-2176 · Opexus · Opexus Ecaseportal
Zach Crosman · Published 2026-01-08 · Updated 2026-02-18 · CVE-2026-22234
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OPEXUS eCasePortal versions prior to 9.0.45.0
Description
OPEXUS eCasePortal allows an unauthenticated attacker to access and manipulate user-uploaded files. An attacker can navigate to the Attachments.aspx endpoint and, by iterating through predictable values of the formid parameter, download or delete existing files, and upload new ones. The issue stems from an Insecure Direct Object Reference (IDOR) condition.
Recommendations
Versions prior to 9.0.45.0 should be updated to version 9.0.45.0 or later.
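To check whether the behaviour in the description has already occurred on a deployment, web server logs can be reviewed for clients that requested Attachments.aspx with many different formid values. The script below is an added example, not code from the advisory or from OPEXUS. It assumes IIS W3C extended logs with a #Fields header; the function name, the threshold and the sample log lines are constructed for illustration.

```python
"""Flag clients that touch many distinct formid values on Attachments.aspx."""
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample log (assumed IIS W3C extended format); the client
# addresses come from the reserved documentation ranges.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2026-01-02 10:00:01 GET /Attachments.aspx formid=1001 203.0.113.7 200
2026-01-02 10:00:02 GET /Attachments.aspx formid=1002 203.0.113.7 200
2026-01-02 10:00:02 GET /Attachments.aspx formid=1003 203.0.113.7 404
2026-01-02 10:00:03 POST /Attachments.aspx FormID=1004 203.0.113.7 200
2026-01-02 10:05:00 GET /Attachments.aspx formid=2210 198.51.100.20 200
2026-01-02 10:05:09 GET /Attachments.aspx formid=2210 198.51.100.20 200
2026-01-02 10:06:00 GET /Default.aspx - 203.0.113.7 200
"""


def find_formid_enumeration(log_text, min_distinct=3):
    """Return {client_ip: sorted distinct formid values} for every client that
    requested at least min_distinct different formid values (assumed threshold)."""
    fields = []
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated record
        row = dict(zip(fields, parts))
        client = row.get("c-ip")
        stem = row.get("cs-uri-stem", "").lower()
        if client is None or not stem.endswith("/attachments.aspx"):
            continue
        # Match the parameter name case-insensitively.
        query = parse_qs(row.get("cs-uri-query", ""))
        for key, values in query.items():
            if key.lower() == "formid":
                seen[client].update(values)
    return {ip: sorted(v) for ip, v in seen.items() if len(v) >= min_distinct}


if __name__ == "__main__":
    for ip, ids in find_formid_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(ids)} distinct formid values requested: {ids}")
```

A hit is a lead for review rather than proof of compromise: a legitimate user working through several forms can cross a low threshold, so tune min_distinct to normal usage.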
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Opexus Ecaseportal