File Upload and Access Vulnerability in OPEXUS eCasePortal
CVE-2026-22234

9.3CRITICAL

Key Information:

Vendor: Opexus
Status: Ecase Portal
Vendor: CVE Published:; 8 January 2026

What is CVE-2026-22234?

OPEXUS eCasePortal versions prior to 9.0.45.0 contain a vulnerability that allows unauthenticated attackers to exploit the 'Attachments.aspx' endpoint. By manipulating predictable 'formid' values, an attacker can potentially download or delete user-uploaded files, as well as upload new files. This flaw raises serious concerns regarding data integrity and confidentiality, making it imperative for users to upgrade to a secure version.

Affected Version(s)

eCase Portal 0 < 9.0.45.0

eCase Portal 9.0.45.0

References

https://www.cve.org/CVERecord?id=CVE-2026-22234

vdb-entry

https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...

government-resourcethird-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2026
Vulnerability Reserved
Jan 6, 2026

Credit

Zach Crosman, CISA

CVE-2026-22234 Data

JSON

Opexus

What is CVE-2026-22234?

Affected Version(s)

References

CVSS V4

Timeline

Credit