4.3

CVE-2026-32122

Exploit

EPSS 0.23%
Veröffentlicht 11.03.2026 20:48:26
Zuletzt bearbeitet 13.03.2026 15:48:07
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OpenEMR: Missing Authorization on Claim File Tracker UI and AJAX Endpoint (V2)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same ACL as the main billing/claims workflow, so authenticated users without appropriate billing permissions can access this data. This vulnerability is fixed in 8.0.0.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Open-emr ≫ Openemr Version < 8.0.0.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.134

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/openemr/openemr/security/advisories/GHSA-rwf9-px3c-3prw

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-32122

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32122

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32122

EUVD