CVE-2026-32867

5.4 MEDIUM

Published: March 19, 2026 Modified: March 19, 2026

Description

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-077-01.json

Source: 9119a7d8-5eab-497f-8521-727c672e3725

https://www.cve.org/CVERecord?id=CVE-2026-32867

Source: 9119a7d8-5eab-497f-8521-727c672e3725

2 reference(s) from NVD

Quick Stats

CVSS v3 Score

5.4 / 10.0

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-425 CWE-639

Related CVEs

CVE-2026-3550 5.3

CVE-2026-33192 N/A

CVE-2026-33080 7.3

CVE-2026-33075 N/A

CVE-2026-33072 8.2