CVE-2026-34053 in OpenEMR
요약
\~에 의해 MITRE • 2026. 03. 26.
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint `interface/forms/procedure_order/handle_deletions.php` allows any authenticated user, regardless of role, to irreversibly delete procedure orders, answers, and specimens belonging to any patient in the system. Version 8.0.0.3 patches the issue.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.