Skip to main content

PHP CVE-2026-24849

CRITICAL
Path Traversal (CWE-22)
2026-02-25 security-advisories@github.com
PHP Openemr
9.9
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Feb 25, 2026 - 16:56 vuln.today
Public exploit code
Patch released
Feb 25, 2026 - 16:56 nvd
Patch available
CVE Published
Feb 25, 2026 - 02:16 nvd
CRITICAL 9.9

DescriptionGitHub Advisory

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, the disposeDocument() method in EtherFaxActions.php allows authenticated users to read arbitrary files from the server filesystem. Any authenticated user (regardless of privilege level) can exploit this vulnerability to read sensitive files. Version 7.0.4 patches the issue.

AnalysisAI

Path traversal in OpenEMR electronic health records before fix allows authenticated users to read arbitrary files on the server, potentially exposing patient health data. PoC and patch available.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to OpenEMR instance
Exploit
Call disposeDocument() method in EtherFaxActions.php
Execution
Manipulate file path parameter
Impact
Read arbitrary server filesystem files
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Authenticated user account on OpenEMR versions prior to 7.0.4. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 9.9 with scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario Authenticated user traverses filesystem to read patient records, database credentials, or system configuration files containing PHI.
Remediation Apply OpenEMR security update immediately. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all OpenEMR deployments and assess current version; notify security and compliance teams. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49952 CRITICAL POC
9.3 Jun 15

Authentication bypass in Discuz! X5.0 releases 20260320 through 20260501 allows unauthenticated remote attackers to acce
CVE-2026-49954 HIGH POC
8.6 Jun 15

Authenticated remote code execution in Discuz! X5.0 releases 20260320 through 20260501 allows administrators to chain a

CVE-2026-49768 CRITICAL
9.8 Jun 15

Unauthenticated PHP Object Injection in the Happyforms WordPress plugin (versions <= 1.26.13) allows remote attackers to
CVE-2026-27053 CRITICAL
9.8 Jun 15

Unauthenticated PHP Object Injection in the Broadcast Live Video WordPress plugin (versions prior to 7.1.3) allows remot
CVE-2026-49104 CRITICAL
9.8 Jun 15

Unauthenticated PHP object injection in the WordPress plugin 'Integration for Keap/Infusionsoft and Contact Form 7, WPFo

Share

CVE-2026-24849 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy