CVE-2026-32867

Published: Mar 19, 2026 Last Modified: Mar 19, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 5,4
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: low

Description

AI Translation Available

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage.

425

Direct Request ('Forced Browsing')

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Access Control
Potential Impacts:
Read Application Data Modify Application Data Execute Unauthorized Code Or Commands Gain Privileges Or Assume Identity
Applicable Platforms
Technologies: Web Based, Web Server
View CWE Details
639

Authorization Bypass Through User-Controlled Key

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf…
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025…
https://www.cve.org/CVERecord?id=CVE-2026-32867
https://www.cve.org/CVERecord?id=CVE-2026-32867