| CVE-2026-46518 | High | Jun 10, 2026 | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a clinician's browser session. Patient demographic fields (name, address) are rendered without output encoding in multiprintcss_header(), and portal patients can write attacker-controlled HTML directly into patient_data by calling the PUT api/patient/:num endpoint, which bypasses the intended audit review workflow. Because the XSS fires in the clinician's authenticated session on the main OpenEMR interface, the attacker can access CSRF tokens, session data, and perform actions as the clinician — crossing the patient-to-clinician trust boundary. This issue has been patched in version 8.0.0.1.

| CVE-2026-34056 | Medium | Mar 26, 2026 | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks. This flaw compromises system confidentiality by exposing sensitive information, potentially leading to unauthorized data disclosure and misuse. As of time of publication, no known patched versions are available.

| CVE-2026-34055 | Medium | Mar 26, 2026 | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perform updates and deletes using `WHERE id = ?` without verifying that the note belongs to a patient the user is authorized to access. Multiple web UI callers pass user-controlled note IDs directly to these functions. This is the same class of vulnerability as CVE-2026-25745 (REST API IDOR), but affects the web UI code paths. Version 8.0.0.3 patches the issue.

| CVE-2026-34053 | High | Mar 26, 2026 | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint `interface/forms/procedure_order/handle_deletions.php` allows any authenticated user, regardless of role, to irreversibly delete procedure orders, answers, and specimens belonging to any patient in the system. Version 8.0.0.3 patches the issue.

| CVE-2026-34051 | Medium | Mar 26, 2026 | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulation despite UI restrictions. This can lead to unauthorized data access, bulk data extraction, and manipulation of system data. Version 8.0.0.3 contains a fix.

| CVE-2026-33934 | Medium | Mar 26, 2026 | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in `portal/sign/lib/show-signature.php` that allows any authenticated patient portal user to retrieve the drawn signature image of any staff member by supplying an arbitrary `user` value in the POST body. The companion write endpoint (`save-signature.php`) was already hardened against this same issue, but the read endpoint was not updated to match. Version 8.0.0.3 patches the issue.

| CVE-2026-33932 | Medium | Mar 26, 2026 | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in a clinician's browser session when the document is previewed. The XSL stylesheet sanitizes attributes for all other narrative elements but not for `linkHtml`, allowing `href="javascript:..."` and event handler attributes to pass through unchanged. Version 8.0.0.3 patches the issue.

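The two stored XSS entries above describe the same two defects from different angles: CVE-2026-46518 renders stored demographic text into HTML without output encoding, and CVE-2026-33932 lets `href="javascript:..."` and `on*` attributes through on one narrative element. The following is an added illustrative example in Python, not OpenEMR code (OpenEMR is PHP, where the equivalent calls are `htmlspecialchars()` for the text context and an attribute allowlist in the XSL). The `render_header`, `safe_href`, `sanitize_link_attrs` and `render_link` names, the allowlists and the sample patient record are assumptions made for the example; the point it adds is the URL normalisation a scheme check needs, since browsers ignore tab/CR/LF inside a URL, strip leading control characters and decode entities before reading the scheme.

```python
import html
from typing import Dict, Optional
from urllib.parse import urlsplit

# Schemes a narrative link may use; "" covers relative URLs such as /portal/x.
SAFE_SCHEMES = {"", "http", "https", "mailto"}
# Attribute allowlist for <a>: event handlers, style and anything else are dropped.
ALLOWED_LINK_ATTRS = {"href", "title", "rel"}
# Leading characters a browser strips from a URL before parsing it (C0 controls and space).
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def render_header(patient: Dict[str, str]) -> str:
    """Hypothetical multi-print header: every demographic field is HTML-encoded
    for the text context it lands in, so markup stored in the chart stays inert."""
    return (
        '<div class="patient">'
        f'<span class="name">{html.escape(patient["name"])}</span> '
        f'<span class="addr">{html.escape(patient["address"])}</span>'
        "</div>"
    )


def safe_href(value: str) -> Optional[str]:
    """Return the normalised href if its scheme is allowlisted, else None.
    Entities are decoded once (as a browser would for raw attribute text),
    tab/CR/LF are removed, leading/trailing C0 and space are stripped, and only
    then is the scheme read, so 'Java\\tScript:' is seen as 'javascript:'."""
    cleaned = html.unescape(value)
    cleaned = cleaned.replace("\t", "").replace("\r", "").replace("\n", "")
    cleaned = cleaned.strip(_C0_AND_SPACE)
    try:
        scheme = urlsplit(cleaned).scheme  # urlsplit lowercases the scheme
    except ValueError:  # malformed netloc such as an unclosed IPv6 bracket
        return None
    return cleaned if scheme in SAFE_SCHEMES else None


def sanitize_link_attrs(attrs: Dict[str, str]) -> Dict[str, str]:
    """Allowlist the attributes of a narrative link. Names are compared
    case-insensitively so onClick is dropped like onclick; href survives only
    if safe_href accepts it."""
    clean: Dict[str, str] = {}
    for name, value in attrs.items():
        lname = name.lower()
        if lname not in ALLOWED_LINK_ATTRS:
            continue
        if lname == "href":
            href = safe_href(value)
            if href is not None:
                clean["href"] = href
        else:
            clean[lname] = value
    return clean


def render_link(attrs: Dict[str, str], text: str) -> str:
    """Emit the <a> with sanitised attributes; attribute values are quoted and
    encoded for the attribute context, the link text for the text context."""
    clean = sanitize_link_attrs(attrs)
    attr_str = "".join(
        f' {k}="{html.escape(v, quote=True)}"' for k, v in sorted(clean.items())
    )
    return f"<a{attr_str}>{html.escape(text)}</a>"


if __name__ == "__main__":
    # Constructed sample: a portal user stored markup in the name field.
    print(render_header({"name": "<img src=x onerror=alert(1)>", "address": "1 Main St"}))
    print(render_link({"href": "JaVaScRiPt:alert(1)", "onmouseover": "x()"}, "Results"))
```

Both defences are context-specific: `html.escape` is right for text and attribute-value contexts only, and `safe_href` decides on the scheme after normalisation rather than on a blocklist of strings, which is why the mixed-case, tab-split and entity-encoded spellings of `javascript:` all end up rejected by the same line.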
| CVE-2026-33931 | Medium | Mar 26, 2026 | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment records — including invoice/billing data (PHI) and payment card metadata — by manipulating the `recid` query parameter in `portal/portal_payment.php`. Version 8.0.0.3 patches the issue.

| CVE-2026-33918 | High | Mar 26, 2026 | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid session and CSRF token, but does not check any ACL permissions. This allows any authenticated OpenEMR user — regardless of whether they have billing privileges — to download and permanently delete electronic claim batch files containing protected health information (PHI). Version 8.0.0.3 patches the issue.

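Seven of the entries above (CVE-2026-34056, -34055, -34053, -34051, -33934, -33931 and -33918) are one class with two missing checks: an ACL check that a valid session and CSRF token do not substitute for, and an ownership predicate on the client-supplied record id (`WHERE id = ?` alone, the `recid` parameter, the `user` value in the POST body). The following is an added illustrative example in Python with an in-memory SQLite table, not OpenEMR code; the `Actor`, `care_team`, `pnotes`, `scope`, `get_note` and `delete_note` names, the permission strings and the sample rows are assumptions made for the example. It shows the vulnerable query shape beside a hardened one in which the ownership predicate is built once from the server-side actor and reused by both the read and the write path, the mismatch that CVE-2026-33934 describes between `save-signature.php` and `show-signature.php`.

```python
import sqlite3
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


class Forbidden(Exception):
    """Raised for both 'no permission' and 'record not yours'; callers answer
    both the same way so an attacker cannot enumerate valid ids."""


@dataclass(frozen=True)
class Actor:
    kind: str                  # "staff" or "portal" (assumed role model)
    user_id: int
    permissions: frozenset     # e.g. frozenset({"notes:read", "notes:delete"})
    pid: Optional[int] = None  # a portal patient is bound to exactly one chart


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: two charts, three notes, and a care_team table
    recording which staff user may touch which chart."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE pnotes (id INTEGER PRIMARY KEY, pid INTEGER NOT NULL, body TEXT);
        CREATE TABLE care_team (user_id INTEGER NOT NULL, pid INTEGER NOT NULL);
        """
    )
    conn.executemany(
        "INSERT INTO pnotes VALUES (?, ?, ?)",
        [(1, 100, "pt 100 note"), (2, 200, "pt 200 note"), (3, 200, "pt 200 second note")],
    )
    conn.executemany("INSERT INTO care_team VALUES (?, ?)", [(7, 100), (8, 200)])
    return conn


def delete_note_vulnerable(conn, note_id) -> int:
    """Vulnerable shape: the client-supplied id is the only predicate and there
    is no ACL gate, so any caller deletes any patient's note."""
    return conn.execute("DELETE FROM pnotes WHERE id = ?", (note_id,)).rowcount


def require(actor: Actor, permission: str) -> None:
    """ACL gate. Having a session (and a CSRF token) is not the same as being
    allowed to perform the action."""
    if permission not in actor.permissions:
        raise Forbidden(f"missing permission {permission}")


def scope(actor: Actor) -> Tuple[str, tuple]:
    """Ownership predicate, chosen server-side from the actor and never from
    the request. Every read and write path appends the same fragment, so the
    read side cannot fall behind the write side."""
    if actor.kind == "portal":
        return "pid = ?", (actor.pid,)
    return "pid IN (SELECT pid FROM care_team WHERE user_id = ?)", (actor.user_id,)


def get_note(conn, actor: Actor, note_id) -> tuple:
    require(actor, "notes:read")
    pred, params = scope(actor)  # constant SQL fragment; values stay bound
    row = conn.execute(
        f"SELECT id, pid, body FROM pnotes WHERE id = ? AND {pred}", (note_id, *params)
    ).fetchone()
    if row is None:
        raise Forbidden("note not found or not accessible")
    return row


def delete_note(conn, actor: Actor, note_id) -> int:
    require(actor, "notes:delete")
    pred, params = scope(actor)
    count = conn.execute(
        f"DELETE FROM pnotes WHERE id = ? AND {pred}", (note_id, *params)
    ).rowcount
    if count == 0:  # zero rows means 'does not exist' or 'not yours'; do not say which
        raise Forbidden("note not found or not accessible")
    return count


def denied(fn: Callable, *args) -> bool:
    """True if the call is refused with Forbidden."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    staff7 = Actor("staff", 7, frozenset({"notes:read", "notes:delete"}))
    print(delete_note_vulnerable(setup_db(), 2))  # 1: anyone removes patient 200's note
    conn = setup_db()
    print(denied(get_note, conn, staff7, 2))      # True: chart 200 is not on user 7's team
    print(delete_note(conn, staff7, 1))           # 1: a note on the user's own chart
```

Putting the ownership predicate inside the statement, rather than fetching the row and comparing its `pid` afterwards, means a forgotten check cannot turn into a TOCTOU gap and the database never returns a row the actor may not see. In an application that also keeps an audit trail, the refused call is the event worth logging.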
| CVE-2026-33917 | High | Mar 26, 2026 | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajax_save page of the CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in that page. Version 8.0.0.3 patches the issue.

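The entry above says only that the CAMOS form's ajax_save page lacks input validation; which parameter is injected is not stated. The following is an added illustrative example in Python with an in-memory SQLite table, not OpenEMR code; the `form_camos` table, the `form_id` and `content` parameters and the sample rows are assumptions made for the example. It shows why validation of a numeric id and parameter binding are both needed: a tautology in an unquoted numeric field rewrites every row, and a quote in a text field breaks out of the literal, while the hardened version keeps the statement text constant.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed sample table standing in for a per-encounter form store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE form_camos (id INTEGER PRIMARY KEY, pid INTEGER NOT NULL, content TEXT)"
    )
    conn.executemany(
        "INSERT INTO form_camos VALUES (?, ?, ?)",
        [(1, 100, "hx: stable"), (2, 100, "plan: recheck"), (3, 200, "hx: new dx")],
    )
    return conn


def ajax_save_vulnerable(conn, form_id, content) -> int:
    """Vulnerable shape: request values are spliced into the statement text.
    Anything after the number in form_id becomes SQL, and a quote in content
    terminates the string literal early."""
    sql = f"UPDATE form_camos SET content = '{content}' WHERE id = {form_id}"
    return conn.execute(sql).rowcount


def ajax_save(conn, form_id, content) -> int:
    """Hardened shape: the id is validated as an integer before use and both
    values travel as bound parameters, so the statement text never changes."""
    try:
        fid = int(form_id)
    except (TypeError, ValueError):
        raise ValueError("form_id must be an integer") from None
    return conn.execute(
        "UPDATE form_camos SET content = ? WHERE id = ?", (content, fid)
    ).rowcount


def rejected(fn, *args) -> bool:
    """True if the save is refused before reaching the table (ValueError) or
    the spliced statement fails to parse (sqlite3.Error)."""
    try:
        fn(*args)
    except (ValueError, sqlite3.Error):
        return True
    return False


def contents(conn) -> list:
    """Current content column in id order, to show what each path changed."""
    return [row[0] for row in conn.execute("SELECT content FROM form_camos ORDER BY id")]


if __name__ == "__main__":
    conn = setup_db()
    print(ajax_save_vulnerable(conn, "1 OR 1=1", "owned"))  # 3: every row rewritten
    conn = setup_db()
    print(rejected(ajax_save, conn, "1 OR 1=1", "owned"))   # True: id fails validation
    print(ajax_save(conn, "2", "O'Brien's note"))           # 1: quote is just data
    print(contents(conn))
```

Binding alone would already stop the injection (a bound `"1 OR 1=1"` compares as text and matches nothing), but validating the id first turns a silent no-op into an explicit error that can be logged, which is the behaviour a clinician-facing save endpoint should have on malformed input.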