CVE-2026-33934

Severity: Medium · EPSS: 14.3%
Published Mar 26, 2026 · Modified Jun 17, 2026
CVSS 3.1 base score: 4.3 (Medium)

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in `portal/sign/lib/show-signature.php` that allows any authenticated patient portal user to retrieve the drawn signature image of any staff member by supplying an arbitrary `user` value in the POST body. The companion write endpoint (`save-signature.php`) was already hardened against this same issue, but the read endpoint was not updated to match. Version 8.0.0.3 patches the issue.
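The description above is a textbook instance of an insecure direct object reference: the read endpoint takes the target identity from the request body and never compares it with the caller's identity. The snippet below is an added illustration for this advisory and is not OpenEMR's code; the handler names, the `$_SESSION['user']` layout, the `signature_store_lookup()` helper and the access policy (a portal patient may read only their own signature, while a staff session may name a `user`) are all assumptions chosen to show the check the advisory says was missing.

```php
<?php
// Added illustration for this advisory; NOT OpenEMR's code. The session
// layout, helper names and access policy below are assumptions.
declare(strict_types=1);

/** Hypothetical session accessor: ['id' => int, 'role' => 'patient'|'staff']. */
function current_user(): array
{
    return $_SESSION['user'] ?? []; // assumes session_start() already ran
}

/** Hypothetical storage lookup; returns PNG bytes or null when none exists. */
function load_signature(int $ownerId): ?string
{
    return signature_store_lookup($ownerId); // assumed helper
}

function emit_png(?string $bytes): void
{
    if ($bytes === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: image/png');
    echo $bytes;
}

/**
 * Pattern the advisory describes (CWE-639 / CWE-862): the object reference
 * is taken straight from the request and never compared with the caller's
 * identity, so any authenticated portal user can read any stored signature.
 */
function show_signature_unchecked(): void
{
    $ownerId = (int) ($_POST['user'] ?? 0);
    emit_png(load_signature($ownerId));
}

/**
 * Hardened read path, matching the idea that the write endpoint already
 * restricts whose record is touched: a portal patient may only read their
 * own signature, and a request-supplied `user` value is honoured only for
 * a staff session. The decision is made server-side from session state.
 */
function show_signature_checked(): void
{
    $me = current_user();
    if (empty($me['id'])) {
        http_response_code(401);
        exit;
    }

    // Default to the caller's own id; only consider the POST value at all
    // once we know who is asking.
    $requested = isset($_POST['user']) ? (int) $_POST['user'] : (int) $me['id'];

    $isStaff = ($me['role'] ?? '') === 'staff';
    if (!$isStaff && $requested !== (int) $me['id']) {
        // Same response whether or not the target exists, so the endpoint
        // cannot be used to enumerate valid user ids.
        http_response_code(403);
        exit;
    }

    emit_png(load_signature($requested));
}
```

The point worth taking from the advisory is the second half: the fix is not to validate the shape of `user` but to decide on the server, from the authenticated session, which object the caller is permitted to read. When a write endpoint and its companion read endpoint share an object model, the same authorization predicate should be applied to both, ideally from one shared function so they cannot drift apart again.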

CVSS Details

Base Score: 4.3
Exploitability: 2.8
Impact: 1.4
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Threat Intelligence

EPSS Exploit Probability: 14.3% percentile
Exploit & Patch Status: Public Exploit Known; Patch Available

Weaknesses (2)

CWE-639 Authorization Bypass Through User-Controlled Key
CWE-862 Missing Authorization

Affected Products (1)

Vendor     Product   Version   Range
open-emr   openemr   *         <8.0.0.3

References (3)

  • github.com https://github.com/openemr/openemr/commit/ae7ee1872d2e6300b165e24687cc90cf6847a4e5
    Patch
  • github.com https://github.com/openemr/openemr/releases/tag/v8_0_0_3
    Product
  • github.com https://github.com/openemr/openemr/security/advisories/GHSA-w9w5-7x6h-657q
    Exploit, Vendor Advisory

Remediation

  • github.com https://github.com/openemr/openemr/commit/ae7ee1872d2e6300b165e24687cc90cf6847a4e5
    Patch