CVE-2026-33934
MEDIUMOpenEMR's Missing Authorization in show-signature.php Allows Portal Patients to Read Staff Signatures
Title source: cnaDescription
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in `portal/sign/lib/show-signature.php` that allows any authenticated patient portal user to retrieve the drawn signature image of any staff member by supplying an arbitrary `user` value in the POST body. The companion write endpoint (`save-signature.php`) was already hardened against this same issue, but the read endpoint was not updated to match. Version 8.0.0.3 patches the issue.
References (3)
Scores
CVSS v3
4.3
EPSS
0.0005
EPSS Percentile
14.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-639
CWE-862
Status
published
Products (2)
open-emr/openemr
< 8.0.0.3
openemr/openemr
< 8.0.0.3
Published
Mar 26, 2026
Tracked Since
Mar 26, 2026