Vulnerability Description
OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opexustech | Ecase Ecomplaint | < 9.0.45.0 |
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/Broken Link
- https://www.cve.org/CVERecord?id=CVE-2026-22235Third Party Advisory
FAQ
What is CVE-2026-22235?
CVE-2026-22235 is a vulnerability with a CVSS score of 7.5 (HIGH). OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files.
How severe is CVE-2026-22235?
CVE-2026-22235 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-22235?
Check the references section above for vendor advisories and patch information. Affected products include: Opexustech Ecase Ecomplaint.