CVE-2026-24896

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...

CVE-2026-24896

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...

CVE-2026-24896

OpenEMR prior to version 8.0.0 contains a Broken Access Control vulnerability in the edih_main.php endpoint. An authenticated user, including low-privilege roles (e.g., Receptionist), can access EDI log files by manipulating the log_select parameter in a GET request. The backend does not enforce ...

CVE-2026-24896 OpenEMR has Broken Access Control that allows unauthorized access to EDI Logs

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...

CVE-2026-24896 OpenEMR has Broken Access Control that allows unauthorized access to EDI Logs

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...