Description
OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage.
Published: 2026-03-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated File Upload
Action: Immediate Patch
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 30 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Opexustech
Opexustech ecase Ecomplaint
CPEs cpe:2.3:a:opexustech:ecase_ecomplaint:*:*:*:*:*:*:*:*
Vendors & Products Opexustech
Opexustech ecase Ecomplaint

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Opexus
Opexus ecomplaint
Vendors & Products Opexus
Opexus ecomplaint

Thu, 19 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage.
Title OPEXUS eComplaint unauthenticated file upload
Weaknesses CWE-425
CWE-639
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Opexus Ecomplaint
Opexustech Ecase Ecomplaint
cve-icon MITRE

Status: PUBLISHED

Assigner: cisa-cg

Published:

Updated: 2026-03-19T18:22:21.300Z

Reserved: 2026-03-16T20:57:29.387Z

Link: CVE-2026-32867

cve-icon Vulnrichment

Updated: 2026-03-19T18:22:16.303Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T16:16:03.640

Modified: 2026-03-30T13:10:38.170

Link: CVE-2026-32867

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T20:59:06Z

Weaknesses