Authorization bypass through user-controlled key in OpenEMR - CVE-2026-25744


Published: April 23, 2026

Vulnerability identifier: #VU127337
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-25744
CWE-ID: CWE-639
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenEMR
Affected software:
OpenEMR

Detailed vulnerability description

The vulnerability allows a remote user to overwrite arbitrary patient vital records.

The vulnerability exists due to an authorization bypass through a user-controlled key in the encounter vitals API endpoint, which accepts crafted POST requests containing an attacker-supplied vital id. A remote user can send a specially crafted request carrying another patient's vital id to overwrite arbitrary patient vital records.

Only update operations are affected: the supplied vital record id is not verified as belonging to the patient or encounter named in the request before the record is written.
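The missing check described above, as an added example that is not OpenEMR's code: a Python/sqlite sketch of the same update written two ways, once keyed by the client-supplied vital id alone and once scoped to the patient and encounter the request was already authorized for. Table and column names, ids and values are constructed for the example.

```python
import sqlite3

# Constructed sample schema (not OpenEMR's real tables): each vital record has
# its own id but also belongs to exactly one patient (pid) and one encounter.
SCHEMA = """
CREATE TABLE vitals (
    id INTEGER PRIMARY KEY, pid INTEGER NOT NULL, encounter INTEGER NOT NULL,
    bps INTEGER, bpd INTEGER);
INSERT INTO vitals VALUES (1, 100, 5000, 120, 80);  -- belongs to patient 100
INSERT INTO vitals VALUES (2, 200, 6000, 118, 76);  -- belongs to patient 200
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def update_vital_unscoped(conn, vital_id, bps, bpd):
    """Vulnerable pattern (CWE-639): the row is chosen by the client-supplied
    id alone, so anyone allowed to call the endpoint can rewrite any record."""
    cur = conn.execute("UPDATE vitals SET bps=?, bpd=? WHERE id=?",
                       (bps, bpd, vital_id))
    conn.commit()
    return cur.rowcount


def update_vital_scoped(conn, patient_id, encounter_id, vital_id, bps, bpd):
    """Hardened pattern: the id is honoured only when the row also belongs to
    the patient and encounter the request was authorized for. A mismatch
    changes nothing and returns 0, which the handler should turn into a
    'not found' response instead of a write."""
    cur = conn.execute(
        "UPDATE vitals SET bps=?, bpd=? WHERE id=? AND pid=? AND encounter=?",
        (bps, bpd, vital_id, patient_id, encounter_id))
    conn.commit()
    return cur.rowcount


def read_bp(conn, vital_id):
    """Return (bps, bpd) for a vital id, to check what a request changed."""
    return conn.execute("SELECT bps, bpd FROM vitals WHERE id=?",
                        (vital_id,)).fetchone()


if __name__ == "__main__":
    # A request authorized for patient 100 / encounter 5000 that carries id 2.
    db = open_db()
    print("unscoped rows changed:", update_vital_unscoped(db, 2, 999, 999))
    db = open_db()
    print("scoped rows changed:", update_vital_scoped(db, 100, 5000, 2, 999, 999))
```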

How to mitigate CVE-2026-25744

Install the security update from the vendor's website.
