PT-2026-26307 · Unknown · Opexus Ecase+1

Adam Rose · Published 2026-03-19 · Updated 2026-03-23 · CVE-2026-32865

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OPEXUS eComplaint and eCASE versions prior to 10.1.0.0

Description

The application includes the secret verification code in the HTTP response when a password reset is requested via the ForcePasswordReset.aspx endpoint. An attacker with knowledge of a user's email address can reset the user's password and bypass security questions, as they are not required during the process. The vulnerable parameter is not explicitly mentioned.

Recommendations

Versions prior to 10.1.0.0 should be updated to version 10.1.0.0 or later.

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2026-32865

Affected products

Opexus Ecase
Opexus Ecomplaint