CVE-2026-34053 in OpenEMR
Riassunto
di MITRE • 26/03/2026
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint `interface/forms/procedure_order/handle_deletions.php` allows any authenticated user, regardless of role, to irreversibly delete procedure orders, answers, and specimens belonging to any patient in the system. Version 8.0.0.3 patches the issue.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.