CVE-2026-33918
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
2Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid session and CSRF token, but does not check any ACL permissions. This allows any authenticated OpenEMR user - regardless of whether they have billing privileges - to download and permanently delete electronic claim batch files containing protected health information (PHI). Version 8.0.0.3 patches the issue.
Analysis
Improper access control in OpenEMR versions prior to 8.0.0.3 allows any authenticated user to download and permanently delete electronic claim batch files containing protected health information (PHI) via the billing file-download endpoint, regardless of whether they have billing privileges. The vulnerability has a 7.6 CVSS score with low attack complexity and requires only low-level authentication. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Audit access logs for the billing file-download endpoint to identify unauthorized access or deletion activity by non-billing staff. Within 7 days: Implement network-level restrictions limiting endpoint access to users with documented billing responsibilities, or disable the billing file-download feature if not operationally critical. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today