CVE-2026-25927

HIGH

OpenEMR <8.0.0 - Auth Bypass

Title source: llm

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a document ID (`doc_id`) without verifying that the document belongs to the current user’s authorized patient or encounter. An authenticated user can read or modify DICOM viewer state (e.g. annotations, view settings) for any document by enumerating document IDs. Version 8.0.0 fixes the issue.

References (1)

[Vendor Advisory] https://github.com/openemr/openemr/security/advisories/GHSA-qj9f-x7v2-hrr7

Scores

CVSS v3 7.1

EPSS 0.0011

EPSS Percentile 29.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (1)

open-emr/openemr < 8.0.0

Published Feb 25, 2026

Tracked Since Feb 26, 2026