Authorization bypass through user-controlled key in OpenEMR - CVE-2026-33931


Published: April 23, 2026


Vulnerability identifier: #VU127358
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-33931
CWE-ID: CWE-639
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenEMR
Affected software:
OpenEMR

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to an authorization bypass through a user-controlled key in portal/portal_payment.php and getPortalAuditRec() when handling the recid query parameter. A remote user can manipulate the recid parameter to disclose sensitive information.

Sequential record identifiers can be enumerated, and affected responses may expose invoice and billing data as well as payment card metadata.
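The pattern behind CWE-639 is a record looked up by a client-supplied key without checking that the key belongs to the caller. The following is an added illustration of that pattern and its fix; it is not OpenEMR's code and makes no claim about how portal_payment.php or getPortalAuditRec() are actually written. The table and column names (portal_audit, id, pid), the session key (pid), the PDO handle and the function names are assumptions chosen for the illustration.

```php
<?php
// Added illustration of CWE-639 (authorization via user-controlled key), not
// OpenEMR's own code. Table name, column names, session key and the PDO
// handle are assumptions.

declare(strict_types=1);

/**
 * Vulnerable pattern: the record is selected by the client-supplied id alone,
 * so any authenticated portal user who supplies another patient's id receives
 * that patient's record.
 */
function getAuditRecVulnerable(PDO $db, int $recid): ?array
{
    $stmt = $db->prepare('SELECT * FROM portal_audit WHERE id = :id');
    $stmt->execute([':id' => $recid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Hardened pattern: the owner taken from the server-side session is part of
 * the lookup, so a record belonging to another patient is indistinguishable
 * from a missing one and nothing about it is disclosed.
 */
function getAuditRecOwned(PDO $db, int $recid, int $sessionPid): ?array
{
    $stmt = $db->prepare(
        'SELECT * FROM portal_audit WHERE id = :id AND pid = :pid'
    );
    $stmt->execute([':id' => $recid, ':pid' => $sessionPid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Request handling: require a logged-in portal patient, validate the shape of
 * the key, and answer "not found" rather than an error when the record is not
 * the caller's. Denied lookups are logged so that sequential probing of recid
 * values from one session stands out in monitoring.
 */
function handlePaymentRecordRequest(PDO $db, array $query, array $session): array
{
    if (empty($session['pid'])) {
        return ['status' => 401, 'body' => 'login required'];
    }
    $recid = filter_var(
        $query['recid'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($recid === false) {
        return ['status' => 400, 'body' => 'invalid recid'];
    }
    $rec = getAuditRecOwned($db, $recid, (int) $session['pid']);
    if ($rec === null) {
        error_log(sprintf('portal_payment: pid %d denied recid %d',
            (int) $session['pid'], $recid));
        return ['status' => 404, 'body' => 'not found'];
    }
    return ['status' => 200, 'body' => $rec];
}

// Self-contained demo on an in-memory SQLite database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE portal_audit (id INTEGER PRIMARY KEY, pid INTEGER, amount TEXT)');
$db->exec("INSERT INTO portal_audit VALUES (1, 100, '25.00'), (2, 200, '40.00')");

$session = ['pid' => 100];   // constructed: patient 100 is logged in
$own   = handlePaymentRecordRequest($db, ['recid' => '1'], $session);
$other = handlePaymentRecordRequest($db, ['recid' => '2'], $session);
printf("own record: %d, other patient's record: %d\n", $own['status'], $other['status']);

// For comparison, the unscoped lookup hands patient 200's row to patient 100.
var_dump(getAuditRecVulnerable($db, 2) !== null);
```

The ownership condition belongs in the query itself rather than in a check applied after the fetch: a post-fetch check is easy to forget on a second code path, and keeping the owner out of the WHERE clause still lets the database round-trip reveal whether a given recid exists. Returning 404 for both missing and foreign records, combined with logging the denied key, gives defenders a signal for enumeration without telling the client which identifiers are in use.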


How to mitigate CVE-2026-33931

Install the security update from the vendor's website.

Sources