CVE-2026-34056

MEDIUM EPSS 18.7%

Published Mar 26, 20263mo ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Mar 26, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks. This flaw compromises system confidentiality by exposing sensitive information, potentially leading to unauthorized data disclosure and misuse. As of time of publication, no known patches versions are available.

CVSS Details

Base Score

6.5

Exploitability

2.8

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

18.7% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-285

CWE-425

Affected Products 1

Vendor	Product	Version	Range
open-emr	openemr	*	≤8.0.0.3

References 2

github.com https://github.com/openemr/openemr/releases/tag/v8_0_0_3

Product
github.com https://github.com/openemr/openemr/security/advisories/GHSA-6qg7-6jf3-xrfh

ExploitVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.