4 matches found
EUVD-2026-8706
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skiptimeoutreset is not present in the request. When skiptimeoutreset=1 is sent, the entire block th...
CVE-2026-25476 OpenEMR has Session Timeout Bypass via skip_timeout_reset
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skiptimeoutreset is not present in the request. When skiptimeoutreset=1 is sent, the entire block th...
CVE-2026-25476
OpenEMR prior to version 8.0.0 is affected by a session timeout bypass vulnerability in library/auth.inc.php. When skip_timeout_reset=1 is present in a request, the code block that calls SessionTracker::isSessionExpired() and enforces logout on timeout is skipped, allowing expired sessions to con...
CVE-2026-25476 OpenEMR has Session Timeout Bypass via skip_timeout_reset
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skiptimeoutreset is not present in the request. When skiptimeoutreset=1 is sent, the entire block th...