Arbitrary file upload in OpenEMR - CVE-2026-24848


Published: April 30, 2026


Vulnerability identifier: #VU128548
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-24848
CWE-ID: CWE-434
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenEMR
Affected software:
OpenEMR

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper access control in the disposeDocument() method in EtherFaxActions.php, which, when handling crafted requests, writes user-supplied content to a user-specified file path. A remote user can send a specially crafted request to execute arbitrary code.

Exploitation requires valid credentials, the Fax SMS module to be enabled, and EtherFax to be configured as the fax provider.
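The weakness described above is a write of caller-controlled content to a caller-controlled path. The following helper is an added illustration of the defensive pattern, not OpenEMR code: the server fixes the directory, allowlists extensions, refuses to overwrite, and assumes the caller has already passed the module's authorization check (the class name, base directory and extension list are assumptions).

```php
<?php
// Added example (not OpenEMR code): confine a document write to one server-chosen
// base directory and an extension allowlist instead of trusting a caller-supplied path.
// Callers must already have verified that the user is authorized to store documents.
declare(strict_types=1);

final class ConfinedDocumentStore
{
    private const ALLOWED_EXTENSIONS = ['pdf', 'tif', 'tiff']; // assumed allowlist
    private string $baseDir;

    public function __construct(string $baseDir)
    {
        $real = realpath($baseDir);
        if ($real === false || !is_dir($real)) {
            throw new RuntimeException('Base directory does not exist');
        }
        $this->baseDir = $real;
    }

    /** Returns an absolute path inside the base directory, or throws. */
    public function resolve(string $requestedName): string
    {
        // Reject traversal, absolute paths and NUL bytes before touching the filesystem.
        if ($requestedName === '' || str_contains($requestedName, "\0")
            || str_contains($requestedName, '..')
            || $requestedName[0] === '/' || $requestedName[0] === '\\') {
            throw new InvalidArgumentException('Rejected file name');
        }
        $ext = strtolower(pathinfo($requestedName, PATHINFO_EXTENSION));
        if (!in_array($ext, self::ALLOWED_EXTENSIONS, true)) {
            throw new InvalidArgumentException('Rejected file extension');
        }
        // Only the basename is kept; the directory is never taken from the request.
        $candidate = $this->baseDir . DIRECTORY_SEPARATOR . basename($requestedName);
        // Defence in depth: the resolved parent must still be the base directory.
        if (realpath(dirname($candidate)) !== $this->baseDir) {
            throw new RuntimeException('Path escaped base directory');
        }
        return $candidate;
    }

    public function write(string $requestedName, string $content): int
    {
        $path = $this->resolve($requestedName);
        $fh = fopen($path, 'x'); // 'x' fails if the file exists: no silent overwrite
        if ($fh === false) {
            throw new RuntimeException('Document exists or directory is not writable');
        }
        try {
            $written = fwrite($fh, $content);
            return $written === false ? 0 : $written;
        } finally {
            fclose($fh);
        }
    }
}
```

A request naming `../../index.php` or any non-document extension is refused before any filesystem write, and an existing file is never replaced.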


How to mitigate CVE-2026-24848

Install the security update from the vendor's website.

Sources