CVE-2026-34055 in OpenEMRinformação

Sumário

de MITRE • 26/03/2026

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perform updates and deletes using `WHERE id = ?` without verifying that the note belongs to a patient the user is authorized to access. Multiple web UI callers pass user-controlled note IDs directly to these functions. This is the same class of vulnerability as CVE-2026-25745 (REST API IDOR), but affects the web UI code paths. Version 8.0.0.3 patches the issue.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsável

GitHub M

Reservar

25/03/2026

Divulgação

26/03/2026

Moderação

aceite

Entrada

VDB-353522

CPE

pronto

EPSS

0.00267

KEV

não

Atividades

muito baixo

Fontes

Might our Artificial Intelligence support you?

Check our Alexa App!