CVE-2026-27943 OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership
OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...