Client-Side JavaScript Modification Vulnerability in OPEXUS eCASE Audit
CVE-2026-22230

7.2HIGH

Key Information:

Vendor

Opexus

Status
Ecase Audit
Vendor
CVE Published:
8 January 2026

What is CVE-2026-22230?

The OPEXUS eCASE Audit product is susceptible to a client-side JavaScript modification vulnerability. An authenticated attacker can exploit this weakness by altering JavaScript or crafting malicious HTTP requests, enabling them to interact with functionalities that have been intentionally disabled by administrators. This unauthorized access can lead to potential misuse of the application's features, posing significant risks to the integrity and security of user data and administrative controls. OPEXUS has addressed this vulnerability in the eCASE platform version 11.14.1.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

eCASE Audit 11.4.0 < 11.14.1.0

eCASE Audit 11.14.1.0

References

https://docs.opexustech.com/docs/eCase/11.14.X/eCASE_Rele...
release-notes
https://www.cve.org/CVERecord?id=CVE-2026-22230
vdb-entry
https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...
government-resourcethird-party-advisory

CVSS V4

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aaron M. Ramirez, Son Nguyen, Wesley Cuffee, United States Department of Justice
JSON
.