Description
OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary money movement or broad account takeover of payment gateway APIs. This vulnerability is fixed in 8.0.0.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
https://github.com/openemr/openemr/security/advisories/GHSA-2hq8-wc73-jvvq
Patch x_refsource_misc
https://github.com/openemr/openemr/commit/fe6341496dc82d5b4f5a3f35891bb2e2481f3b25
Third Party Advisory x_refsource_misc
https://github.com/openemr/openemr/blob/6a4e18c5ec73e0c755f6f65b28a9652aded1a58b/interface/patient_file/front_payment.php#L765
Third Party Advisory x_refsource_misc
https://github.com/openemr/openemr/blob/6a4e18c5ec73e0c755f6f65b28a9652aded1a58b/portal/portal_payment.php#L537
Scores
CVSS v3
9.6
EPSS
0.0044
EPSS Percentile
35.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-200
Status
published
Products (1)
open-emr/openemr
5.0.2 - 8.0.0
Published
Mar 03, 2026
Tracked Since
Mar 04, 2026