← Back to CVEs
CVE-2026-34056
HIGH7.7
Description
OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks. This flaw compromises system confidentiality by exposing sensitive information, potentially leading to unauthorized data disclosure and misuse. As of time of publication, no known patches versions are available.
CVE Details
CVSS v3.1 Score7.7
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published3/26/2026
Last Modified3/26/2026
Sourcenvd
Honeypot Sightings0
Affected Products
open-emr:openemr
Weaknesses (CWE)
CWE-285CWE-425
References
https://github.com/openemr/openemr/releases/tag/v8_0_0_3(security-advisories@github.com)
https://github.com/openemr/openemr/security/advisories/GHSA-6qg7-6jf3-xrfh(security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.