anonhaven
Ad

CVE-2026-32123

HIGH CVSS 3.1: 7.7 EPSS 0.11%
Updated Mar 11, 2026
Openemr
Parameter Value
CVSS 7.7 (HIGH)
Fixed In 8.0.0.1
Type CWE-863 (Incorrect Authorization)
Vendor Openemr
Public PoC No

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults form_encounter for sensitivity, while group encounters store sensitivity in form_groups_encounter. As a result, sensitivity is never correctly applied to group encounters, and users who should be restricted from viewing sensitive (e.g. mental health) encounters can view them.

This vulnerability is fixed in 8.0.0.1.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-863 Incorrect Authorization

References 1

https://github.com/openemr/openemr/security/advisories/GHSA-j4mm-wg7q-v57q
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33910

Open-Emr

8.8

CVE-2026-33909

Open-Emr

5.9

CVE-2026-33348

Open-Emr

5.4

CVE-2026-33321

Openemr

7.2

CVE-2026-33305

Openemr

5.4