CVE-2026-25131

High CVSS: 8.8

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in the OpenEMR order types management system, allowing low-privilege users (such as Receptionist) to add and modify procedure types without proper authorization. This vulnerability is present in the /openemr/interface/orders/types_edit.php endpoint. Version 8.0.0 contains a patch.

Vendor

Open-emr

Product

Openemr

CWE

CWE-862

Yayın Tarihi

2026-02-25 02:16:22

Güncelleme

2026-02-25 16:56:00

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-862 Openemr HIGH Open-emr 2026

Referanslar

https://github.com/openemr/openemr/commit/1e63cbab34558bca029533f87cdb6efb1ff32c75 https://github.com/openemr/openemr/security/advisories/GHSA-6h2m-4ppf-ph4j

Benzer Kayıtlar

High

CVE-2026-34053

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio…

High

CVE-2026-34055

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio…

High

CVE-2026-34056

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access…

Medium

CVE-2026-33933

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in ver…

Medium

CVE-2026-33934

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior…

Medium

CVE-2026-34051

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior…