OpenEMR (open-emr/openemr) vulnerabilities
216 known vulnerabilities affecting open-emr/openemr.
Total CVEs: 216
CISA KEV: 0
Public exploits: 20
Exploited in wild: 0
Severity breakdown: CRITICAL 14, HIGH 80, MEDIUM 120, LOW 2
Vulnerabilities
Page 7 of 11
CVE-2026-24487 | P3 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 8.0.0 | 2026-02-25
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all patients instead of being restricted to only the authenticated patient's data.
Source: NVD
CVE-2026-25124 | P3 | MEDIUM | CVSS 6.5 | CWE-862 | fixed in 8.0.0 | 2026-02-25
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing sensitive patient and user data. The vulnerability lies
Source: NVD
CVE-2026-32118 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | fixed in 8.0.0.1 | 2026-03-11
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting (XSS) in the Graphical Pain Map ("clickmap") form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of every subsequent user who views the affected encoun
Source: NVD
CVE-2026-25930 | P3 | MEDIUM | CVSS 6.5 | CWE-639 | fixed in 8.0.0 | 2026-02-25
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form (LBF) printable view accepts `formid` and `visitid` (or `patientid`) from the request and does not verify that the form belongs to the current user's authorized patient/encounter. An authenticated use
Source: NVD
CVE-2026-34055 | P3 | MEDIUM | CVSS 6.3 | fixed in 8.0.0.3 | 2026-03-26
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perform updates and deletes using `WHERE id = ?` without verifying that the note belongs to a patient the user is authorized to access. Multiple web UI callers pass
Source: NVD
CVE-2017-12064 | P3 | HIGH | CVSS 7.5 | CWE-116 | affected: v5.0.0 | 2017-08-01
The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name.
Source: NVD
CVE-2026-25927 | P3 | HIGH | CVSS 7.1 | CWE-639 | fixed in 8.0.0 | 2026-02-25
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a document ID (`doc_id`) without verifying that the document belongs to the current user's authorized patient or encounter. An authenticated user can read o
Source: NVD
CVE-2011-5160 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC available | affected: v4.0.0, v4.1.0, +1 more | 2012-09-09
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.
Source: NVD
CVE-2026-27943 | P3 | MEDIUM | CVSS 6.5 | CWE-639 | affected: ≤ 8.0.0 | 2026-02-26
OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam (eye_mag) view loads data by `form_id` (or equivalent) without verifying that the form belongs to the current user's patient/encounter context. An authenticated user can access or edit any patie
Source: NVD
CVE-2022-4504 | P3 | HIGH | CVSS 7.5 | CWE-20 | fixed in 7.0.0.2 | 2022-12-15
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.
Source: NVD
CVE-2018-10572 | P3 | MEDIUM | CVSS 6.5 | fixed in 5.0.1 | 2018-04-30
interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.
Source: NVD
CVE-2025-54373 | P3 | MEDIUM | CVSS 6.5 | CWE-200 | affected: v7.0.3.4 | 2026-01-28
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has Sensitivity=high, can be viewed and changed by users who do no
Source: NVD
CVE-2026-25127 | P3 | MEDIUM | CVSS 6.5 | CWE-863 | fixed in 8.0.0 | 2026-02-25
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Version 8.0.0 fixes the issue.
Source: NVD
CVE-2026-25220 | P3 | MEDIUM | CVSS 6.5 | CWE-639 | fixed in 8.0.0 | 2026-02-25
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter `show_all=yes` and passes it to `getPnotesByUser()`, which returns all internal messages (all users' notes). The backend does not verify that the requesting user is an administr
Source: NVD
CVE-2026-24890 | P3 | MEDIUM | CVSS 6.5 | CWE-285 | fixed in 8.0.0 | 2026-02-25
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and overwrite provider signatures by setting `type=admin-signature` and specifying any provider use
Source: NVD
CVE-2026-33909 | P3 | MEDIUM | CVSS 5.9 | CWE-89 | fixed in 8.0.0.3 | 2026-03-25
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL injection. Version 8.0.0.3 contains a patch.
Source: NVD
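The defect class in the MedEx entry above, shown as an added example that is not code from this page or from the OpenEMR project: a request value concatenated into the SQL text, beside the validated, type-cast and parameter-bound form. The table, columns, function names and sample rows are hypothetical; it needs only php-cli with pdo_sqlite.

```php
<?php
// Added illustration (not OpenEMR code): a caller-supplied value spliced into
// SQL text versus the same lookup with the value validated and bound as a
// typed parameter. Table, column and function names are hypothetical.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE recalls (id INTEGER PRIMARY KEY, pid INTEGER NOT NULL, note TEXT NOT NULL)');
// Constructed sample rows, one recall per patient.
$db->exec("INSERT INTO recalls (id, pid, note) VALUES (1, 1, 'recall A'), (2, 2, 'recall B'), (3, 3, 'recall C')");

// Vulnerable shape: the string becomes part of the SQL grammar, so a value such
// as "2 OR 1=1" turns a one-patient lookup into a read of the whole table.
function recallsForPatientConcat(PDO $db, string $pid): array
{
    $sql = 'SELECT id, pid, note FROM recalls WHERE pid = ' . $pid;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened shape: reject anything that is not an unsigned integer, then bind
// the cast value as a typed parameter; it is only ever compared as data.
// (A bare (int) cast before concatenation would also neutralise this input,
// but binding is the general fix and also covers string columns.)
function recallsForPatientBound(PDO $db, string $pid): array
{
    if (!ctype_digit($pid)) {
        throw new InvalidArgumentException('pid must be an unsigned integer');
    }
    $st = $db->prepare('SELECT id, pid, note FROM recalls WHERE pid = ?');
    $st->bindValue(1, (int) $pid, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

$hostile = '2 OR 1=1'; // constructed input for the demonstration only
printf("concatenated query returned %d row(s)\n", count(recallsForPatientConcat($db, $hostile)));
try {
    recallsForPatientBound($db, $hostile);
} catch (InvalidArgumentException $e) {
    printf("bound query refused the value: %s\n", $e->getMessage());
}
printf("bound query for a valid id returned %d row(s)\n", count(recallsForPatientBound($db, '2')));
```

Run it with `php example.php`. The concatenated form returns every recall because the `OR 1=1` is parsed as part of the predicate; the bound form refuses the value before any SQL is built and returns a single row for a legitimate id. The same pattern applies to every variable the advisory describes as concatenated: each one becomes a placeholder, and each placeholder gets the type the column expects.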
CVE-2018-16795 | P3 | HIGH | CVSS 8.8 | CWE-352 | affected: v5.0.1.3 | 2020-12-31
OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.
Source: NVD
CVE-2026-32123 | P3 | MEDIUM | CVSS 6.5 | CWE-863 | fixed in 8.0.0.1 | 2026-03-11
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults form_encounter for sensitivity, while group encounters store sensitivity in form_groups_encounter. As a result, sensitivity is never correctly app
Source: NVD
CVE-2026-25744 | P3 | MEDIUM | CVSS 6.5 | CWE-639 | fixed in 8.0.0.2 | 2026-03-19
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an `id` in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An authenticated user with encounters/notes permission
Source: NVD
CVE-2026-25745 | P3 | MEDIUM | CVSS 6.5 | CWE-639 | affected: ≤ 8.0.0 | 2026-03-18
OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the message/note update endpoint (e.g. PUT or POST) updates by message/note ID only and does not verify that the message belongs to the current patient (or that the user is allowed to edit that patient's not
Source: NVD
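Most of the CWE-639 entries on this page (the LBF printable view, the legacy patient notes functions, the DICOM viewer state API, the eye_mag view, the encounter vitals API and the message/note update endpoint) share one shape: a record is addressed by its id, and nothing checks that the record belongs to a patient the session may access. The Message Center entry (CVE-2026-25220) is the function-level variant, where a request flag widens a listing beyond what the role permits. The following is an added example, not code from this page or from the OpenEMR project, that puts the vulnerable update beside a checked one and shows the request flag being honoured only with the matching role. The table, columns, function names, authorized-patient list and sample rows are hypothetical; it needs only php-cli with pdo_sqlite.

```php
<?php
// Added illustration (not OpenEMR code): an update keyed on a record id alone,
// the same update gated on the owning patient being in the session's
// authorized set, and a listing whose "show all" flag is subordinate to the
// role. Table, column and function names are hypothetical.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, pid INTEGER NOT NULL, body TEXT NOT NULL)');
// Constructed sample rows: note 10 belongs to patient 1, note 20 to patient 2.
$db->exec("INSERT INTO notes (id, pid, body) VALUES (10, 1, 'note for patient 1'), (20, 2, 'note for patient 2')");

// Vulnerable shape: the row is addressed by id alone, so any id the caller can
// guess is writable regardless of which patients the session may access.
function updateNoteById(PDO $db, int $id, string $body): int
{
    $st = $db->prepare('UPDATE notes SET body = ? WHERE id = ?');
    $st->execute([$body, $id]);
    return $st->rowCount();
}

// Hardened shape: resolve the owning patient first, refuse unless that patient
// is in the session's authorized set, and repeat the pid in the UPDATE
// predicate so a reassignment between the check and the write cannot widen it.
function updateNoteForAuthorizedPatient(PDO $db, int $id, string $body, array $authorizedPids): bool
{
    $st = $db->prepare('SELECT pid FROM notes WHERE id = ?');
    $st->execute([$id]);
    $pid = $st->fetchColumn();
    if ($pid === false || !in_array((int) $pid, $authorizedPids, true)) {
        return false; // unknown note, or one the session is not authorized for
    }
    $st = $db->prepare('UPDATE notes SET body = ? WHERE id = ? AND pid = ?');
    $st->execute([$body, $id, (int) $pid]);
    return $st->rowCount() === 1;
}

// Function-level check: a "show all" flag taken from the request is honoured
// only when the role carries that permission; otherwise the listing stays
// scoped to the patients the session is authorized for.
function listNotes(PDO $db, array $authorizedPids, bool $isAdmin, bool $showAllRequested): array
{
    if ($showAllRequested && $isAdmin) {
        return $db->query('SELECT id, pid, body FROM notes ORDER BY id')->fetchAll(PDO::FETCH_ASSOC);
    }
    if ($authorizedPids === []) {
        return [];
    }
    $placeholders = implode(',', array_fill(0, count($authorizedPids), '?'));
    $st = $db->prepare("SELECT id, pid, body FROM notes WHERE pid IN ($placeholders) ORDER BY id");
    $st->execute(array_values($authorizedPids));
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// A non-admin session authorized only for patient 1 tries to touch patient 2's note.
$authorized = [1];
printf("by-id update touched %d row(s) of another patient's note\n", updateNoteById($db, 20, 'tampered'));
printf("checked update on another patient's note: %s\n",
    updateNoteForAuthorizedPatient($db, 20, 'tampered again', $authorized) ? 'allowed' : 'refused');
printf("checked update on an authorized note: %s\n",
    updateNoteForAuthorizedPatient($db, 10, 'edited by owner', $authorized) ? 'allowed' : 'refused');
printf("rows listed with show_all=yes as non-admin: %d\n", count(listNotes($db, $authorized, false, true)));
printf("rows listed with show_all=yes as admin: %d\n", count(listNotes($db, $authorized, true, true)));
```

Run it with `php example.php`. The by-id update writes the other patient's row; the checked update refuses it and still allows the session's own note; the listing returns only the authorized patient's rows for a non-admin even with the flag set, and every row for an admin. Two design points carry over to real fixes of this class: the ownership check must be made server-side from the record itself, never from ids or flags in the request, and the authorized scope should appear in the write's predicate as well as in the preceding check.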