5.4

CVE-2026-33915

EPSS 0.03%
Veröffentlicht 25.03.2026 23:23:40
Zuletzt bearbeitet 26.03.2026 16:26:16
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the `RestConfig::request_authorization_check()` call that every other data-modifying route in the standard API uses. This allows any authenticated API user to create and modify insurance company records even if their OpenEMR user account does not have administrative ACL permissions. Version 8.0.0.3 patches the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Open-emr ≫ Openemr Version < 8.0.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.099

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
security-advisories@github.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/openemr/openemr/releases/tag/v8_0_0_3

Product

https://github.com/openemr/openemr/security/advisories/GHSA-ww94-26v7-x4gp

Vendor Advisory

https://github.com/openemr/openemr/commit/976d2a85f024a730955578597a82c083067a72b4

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-33915

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33915

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33915

EUVD