{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22230", "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "state": "PUBLISHED", "assignerShortName": "cisa-cg", "dateReserved": "2026-01-06T21:51:19.140Z", "datePublished": "2026-01-08T17:10:03.179Z", "dateUpdated": "2026-01-16T18:04:14.143Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0."}], "affected": [{"vendor": "OPEXUS", "product": "eCASE Audit", "defaultStatus": "unknown", "versions": [{"version": "11.4.0", "status": "affected", "lessThan": "11.14.1.0", "versionType": "custom"}, {"version": "11.14.1.0", "status": "unaffected"}]}], "problemTypes": [{"descriptions": [{"description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE", "cweId": "CWE-863"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-06T22:30:03.390526Z", "id": "CVE-2026-22230", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "OPEXUS eCASE Audit incorrect access control", "references": [{"name": "url", "url": "https://docs.opexustech.com/docs/eCase/11.14.X/eCASE_Release_Notes_11.14.1.0.pdf", "tags": ["release-notes"]}, {"name": "url", "url": "https://www.cve.org/CVERecord?id=CVE-2026-22230", "tags": ["vdb-entry"]}, {"name": "url", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.json", "tags": ["government-resource", "third-party-advisory"]}], "credits": [{"value": "Aaron M. Ramirez, Son Nguyen, Wesley Cuffee, United States Department of Justice", "lang": "en"}], "datePublic": "2026-01-08T00:00:00.000Z", "providerMetadata": {"orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg", "dateUpdated": "2026-01-16T18:04:14.143Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-08T18:17:07.319998Z", "id": "CVE-2026-22230", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T18:17:21.337Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22230", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-08T18:17:07.319998Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T18:17:12.106Z"}}], "cna": {"title": "OPEXUS eCASE Audit incorrect access control", "credits": [{"lang": "en", "value": "Aaron M. Ramirez, Son Nguyen, Wesley Cuffee, United States Department of Justice"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-22230", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-06T22:30:03.390526Z"}}}], "affected": [{"vendor": "OPEXUS", "product": "eCASE Audit", "versions": [{"status": "affected", "version": "11.4.0", "lessThan": "11.14.1.0", "versionType": "custom"}, {"status": "unaffected", "version": "11.14.1.0"}], "defaultStatus": "unknown"}], "datePublic": "2026-01-08T00:00:00.000Z", "references": [{"url": "https://docs.opexustech.com/docs/eCase/11.14.X/eCASE_Release_Notes_11.14.1.0.pdf", "name": "url", "tags": ["release-notes"]}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-22230", "name": "url", "tags": ["vdb-entry"]}, {"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.json", "name": "url", "tags": ["government-resource", "third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg", "dateUpdated": "2026-01-16T18:04:14.143Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22230", "state": "PUBLISHED", "dateUpdated": "2026-01-16T18:04:14.143Z", "dateReserved": "2026-01-06T21:51:19.140Z", "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "datePublished": "2026-01-08T17:10:03.179Z", "assignerShortName": "cisa-cg"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opexustech:ecase_audit:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F954E97-A5E0-43E1-98D3-8F1AEA592F8E", "versionEndExcluding": "11.14.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0."}], "id": "CVE-2026-22230", "lastModified": "2026-01-26T21:03:00.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}]}, "published": "2026-01-08T18:15:59.750", "references": [{"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Release Notes"], "url": "https://docs.opexustech.com/docs/eCase/11.14.X/eCASE_Release_Notes_11.14.1.0.pdf"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Broken Link"], "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.json"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Third Party Advisory"], "url": "https://www.cve.org/CVERecord?id=CVE-2026-22230"}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T16:42:18.163456+00:00", "value": {"mitigation_remediation": ["Update OPEXUS eCASE Audit to version 11.14.1.0 or newer, where the access control flaw is fixed.", "Ensure that server\u2011side authorization checks reject any unsupported actions regardless of client\u2011side configuration or JavaScript manipulations.", "Restrict privileged accounts and enforce least\u2011privilege by disabling or removing accounts that do not require elevated access."], "summary": {"action": "Patch", "impact": "Authorization Bypass"}, "threat_synthesis": {"affected_systems": "All installations of OPEXUS eCASE Audit older than version 11.14.1.0 are vulnerable. The issue resides in the platform component that handles client\u2011side interfaces and authorization checks. OPEXUS provides the product eCASE Audit.", "description_and_impact": "OPEXUS eCASE Audit allows an authenticated user to bypass restrictions by altering client\u2011side JavaScript or sending crafted HTTP requests, enabling access to functions or buttons normally disabled or blocked by an administrator. This flaw does not provide remote code execution; it simply permits the attacker to perform actions that should be prohibited by the system's authorization logic. The threat is limited to accounts with legitimate authentication credentials.", "risk_and_exploitability": "The CVSS score of 7.2 indicates a moderate severity. The EPSS score of less than 1% suggests exploitation is unlikely. The vulnerability is not listed in CISA KEV. Attack requires valid credentials, so compromised or weak user accounts present the primary risk. Once authenticated, the attacker can exploit the access\u2011control bypass without additional network exposure."}}}}, "created": "2026-01-09T13:24:26.731881+00:00", "updated": "2026-04-18T16:45:05.228336+00:00", "vendors": ["opexus", "opexus$PRODUCT$ecase_audit"]}