File Upload Vulnerability in OPEXUS eComplaint Product
CVE-2026-32867

5.3MEDIUM

Key Information:

Vendor: Opexus
Status: Ecomplaint
Vendor: CVE Published:; 19 March 2026

What is CVE-2026-32867?

The OPEXUS eComplaint system, prior to version 10.1.0.0, is susceptible to a file upload vulnerability that enables an unauthenticated attacker to potentially access, guess, or input an existing case number. This allows the attacker to upload arbitrary files through the 'Portal/EEOC/DocumentUploadPub.aspx' endpoint. Consequently, users may inadvertently see these unexpected files in their case, which poses risks to data integrity and could lead to storage consumption issues if exploited extensively.

Affected Version(s)

eComplaint 0

eComplaint 0 < 10.1.0.0

eComplaint 10.1.0.0

References

https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...

https://www.cve.org/CVERecord?id=CVE-2026-32867

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 19, 2026
Vulnerability Reserved
Mar 16, 2026

Credit

Adam Rose, CISA

CVE-2026-32867 Data

JSON