Client-Side JavaScript Modification Vulnerability in OPEXUS eCASE Audit
CVE-2026-22230

7.2HIGH

Key Information:

Vendor: Opexus
Status: Ecase Audit
Vendor: CVE Published:; 8 January 2026

What is CVE-2026-22230?

The OPEXUS eCASE Audit product is susceptible to a client-side JavaScript modification vulnerability. An authenticated attacker can exploit this weakness by altering JavaScript or crafting malicious HTTP requests, enabling them to interact with functionalities that have been intentionally disabled by administrators. This unauthorized access can lead to potential misuse of the application's features, posing significant risks to the integrity and security of user data and administrative controls. OPEXUS has addressed this vulnerability in the eCASE platform version 11.14.1.0.

Affected Version(s)

eCASE Audit 11.4.0 < 11.14.1.0

eCASE Audit 11.14.1.0

References

https://docs.opexustech.com/docs/eCase/11.14.X/eCASE_Rele...

release-notes

https://www.cve.org/CVERecord?id=CVE-2026-22230

vdb-entry

https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...

government-resourcethird-party-advisory

CVSS V4

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2026
Vulnerability Reserved
Jan 6, 2026

Credit

Aaron M. Ramirez, Son Nguyen, Wesley Cuffee, United States Department of Justice

CVE-2026-22230 Data

JSON

Opexus