PT-2026-26309 · Unknown · Opexus Ecomplaint

Adam Rose

Published

2026-03-19

Updated

2026-03-23

CVE-2026-32867

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OPEXUS eComplaint versions prior to 10.1.0.0

Description An unauthenticated attacker can obtain or guess an existing case number and upload arbitrary files via the 'Portal/EEOC/DocumentUploadPub.aspx' endpoint. Uploading a large number of files could consume storage, and users would see these unexpected files in cases. The vulnerable parameter is the file uploaded through the specified endpoint.

Recommendations Update OPEXUS eComplaint to version 10.1.0.0 or later.

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-425CWE-639

Related Identifiers

CVE-2026-32867

Affected Products

Opexus Ecomplaint

PT-2026-26309 · Unknown · Opexus Ecomplaint

CVE-2026-32867

Weakness Enumeration

Related Identifiers

Affected Products

References · 6