CVE-2026-34051

Severity: Medium · CVSS 3.1: 5.4 · EPSS: 11.8%
Published Mar 26, 2026 · Modified Jun 17, 2026

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have improper access control in the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulation despite UI restrictions. This can lead to unauthorized data access, bulk data extraction, and manipulation of system data. Version 8.0.0.3 contains a fix.

CVSS Details

Base Score: 5.4
Exploitability: 2.8
Impact: 2.5
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability
11.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-285
CWE-425

Affected Products 1

Vendor    Product   Version   Range
open-emr  openemr   *         <8.0.0.3

References 3

  • github.com https://github.com/openemr/openemr/commit/81c097f7852fc60d45adf6c13baa86cd0a1b400b
    Patch
  • github.com https://github.com/openemr/openemr/releases/tag/v8_0_0_3
    Product
  • github.com https://github.com/openemr/openemr/security/advisories/GHSA-54m8-wpg9-9665
    Exploit, Vendor Advisory

Remediation

  • github.com https://github.com/openemr/openemr/commit/81c097f7852fc60d45adf6c13baa86cd0a1b400b
    Patch