5.4

CVE-2026-34051

Exploit

EPSS 0.02%
Veröffentlicht 25.03.2026 23:45:06
Zuletzt bearbeitet 26.03.2026 16:17:42
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulation despite UI restrictions. This can lead to unauthorized data access, bulk data extraction, and manipulation of system data. Version 8.0.0.3 contains a fix.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Open-emr ≫ Openemr Version < 8.0.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

https://github.com/openemr/openemr/releases/tag/v8_0_0_3

Product

https://github.com/openemr/openemr/security/advisories/GHSA-54m8-wpg9-9665

Vendor Advisory

Exploit

https://github.com/openemr/openemr/commit/81c097f7852fc60d45adf6c13baa86cd0a1b400b

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-34051

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34051

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34051

EUVD