CVE-2026-22230
Unknown Unknown - Not Provided
Client-Side JavaScript Manipulation in OPEXUS eCASE Audit

Publication date: 2026-01-08

Last updated on: 2026-01-08

Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government

Description
OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22230
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
opexus ecase_platform 11.14.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows an authenticated attacker to bypass access controls and perform unauthorized actions, which could lead to unauthorized information disclosure or modification. Such unauthorized access and data manipulation could potentially impact compliance with standards like GDPR and HIPAA that require strict access controls and protection of sensitive data. The fixed update improves security by preventing unauthorized activities, thereby helping maintain compliance. [2]

Executive Summary

This vulnerability in OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Essentially, the attacker can bypass restrictions set by the administrator by manipulating the interface or requests, potentially performing unauthorized actions. [2]

Impact Analysis

The vulnerability can lead to unauthorized information disclosure, modification, or execution of actions beyond the user's permissions. Attackers could exploit disabled buttons or functions to perform actions they should not be allowed to, potentially compromising data integrity and security within the eCASE Audit platform. [2]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the eCASE Platform to version 11.14.1.0, which fixes the Broken Access Control issue by removing onclick events from disabled buttons and sanitizing user inputs to prevent unauthorized actions and XSS attacks. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22230. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart