CVE-2026-34051

low-risk

Published 2026-03-26

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulation despite UI restrictions. This can lead to unauthorized data access, bulk data extraction, and manipulation of system data. Version 8.0.0.3 contains a fix.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.4/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Openemr

Affected Vendors

Open-Emr

References (3)

Patch https://github.com/openemr/openemr/commit/81c097f7852fc60d45adf6c13baa86cd0a1b40...

Product https://github.com/openemr/openemr/releases/tag/v8_0_0_3

Exploit https://github.com/openemr/openemr/security/advisories/GHSA-54m8-wpg9-9665

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal