← Back

CVE-2026-32123

nvd nist
Published: Mar 11, 2026Modified: Mar 13, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults form_encounter for sensitivity, while group encounters store sensitivity in form_groups_encounter. As a result, sensitivity is never correctly applied to group encounters, and users who should be restricted from viewing sensitive (e.g. mental health) encounters can view them. This vulnerability is fixed in 8.0.0.1.

Affected (1)

Products: Open Emr: Openemr
Open Emr
1 product
Openemr
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Openemr
Before 8.0.0.1

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

Source: security-advisories@github.com
ExploitVendor Advisory

Timeline

No history available yet.