Authorization bypass through user-controlled key in OpenEMR - CVE-2026-25927

Published: April 23, 2026


Vulnerability identifier: #VU127272
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-25927
CWE-ID: CWE-639
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenEMR
Affected software:
OpenEMR

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information and modify DICOM viewer state.

The vulnerability exists due to authorization bypass through a user-controlled key in the DICOM viewer state API in controllers/C_Document.class.php when handling requests with a supplied doc_id. A remote user can send a crafted request with another patient's document ID to disclose sensitive information and modify DICOM viewer state.

The issue affects read and write operations for viewer state, including annotations and view settings, and may expose PHI and imaging metadata.
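The CWE-639 pattern described above, as an added illustration that is not OpenEMR's own code: a handler that only checks for a login and lets the client-supplied `doc_id` select any record, beside a hardened form that resolves the document's owning patient on the server and requires the caller to be authorized for that patient before any viewer-state read or write. The table, column and function names, the session layout and the sample data are all assumptions.

```php
<?php
// Added example, not OpenEMR code; table, column and function names are hypothetical.

// Vulnerable shape (CWE-639): being logged in is the only check, so whatever
// doc_id the client supplies selects that document's viewer state.
function fetchViewerStateInsecure(PDO $db, array $session, int $docId): ?array
{
    if (empty($session['user_id'])) { return null; }
    $st = $db->prepare('SELECT state FROM viewer_state WHERE doc_id = :id');
    $st->execute([':id' => $docId]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row ? json_decode($row['state'], true) : null;
}

// Hardened shape: the server resolves which patient owns the document and requires
// the caller to be authorized for that patient before any read or write of its state.
function callerMayAccessDocument(PDO $db, array $session, int $docId): bool
{
    $st = $db->prepare('SELECT patient_id FROM documents WHERE id = :id');
    $st->execute([':id' => $docId]);
    $owner = $st->fetchColumn();
    if ($owner === false) { return false; } // unknown id is treated like a forbidden one
    return in_array((int) $owner, $session['allowed_patient_ids'] ?? [], true);
}

function fetchViewerState(PDO $db, array $session, int $docId): ?array
{
    if (!callerMayAccessDocument($db, $session, $docId)) {
        error_log('viewer_state read denied user=' . ($session['user_id'] ?? '?') . " doc_id=$docId");
        return null;
    }
    return fetchViewerStateInsecure($db, $session, $docId); // safe only behind the check above
}

function saveViewerState(PDO $db, array $session, int $docId, array $state): bool
{
    if (!callerMayAccessDocument($db, $session, $docId)) { return false; }
    $st = $db->prepare('UPDATE viewer_state SET state = :s WHERE doc_id = :id');
    return $st->execute([':s' => json_encode($state), ':id' => $docId]);
}

// Constructed sample data: user 7 may access patient 10 only; document 5 belongs to patient 20.
$db = new PDO('sqlite::memory:');
foreach (['CREATE TABLE documents (id INTEGER, patient_id INTEGER)',
          'CREATE TABLE viewer_state (doc_id INTEGER, state TEXT)',
          'INSERT INTO documents VALUES (5, 20)',
          'INSERT INTO viewer_state VALUES (5, \'{"annotations":["lesion"]}\')'] as $sql) { $db->exec($sql); }
$session = ['user_id' => 7, 'allowed_patient_ids' => [10]];
var_dump(fetchViewerStateInsecure($db, $session, 5)); // read path without the ownership check
var_dump(fetchViewerState($db, $session, 5));         // read path with the ownership check
```

The denied-access log line is the detection hook: a burst of denials from one session across many doc_id values is the signal a defender would alert on.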


How to mitigate CVE-2026-25927

Install the security update from the vendor's website.

Sources