CVE-2026-34056
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Description
OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks. This flaw compromises system confidentiality by exposing sensitive information, potentially leading to unauthorized data disclosure and misuse. As of time of publication, no known patched versions are available.
Analysis
Low-privilege authenticated users in OpenEMR versions up to and including 8.0.0.3 can view and download Ensora eRx error logs due to missing authorization checks, exposing sensitive healthcare system information. This broken access control vulnerability (CVSS 7.7) affects network-accessible installations and has a 3% EPSS exploitation probability (8th percentile), with no public exploit identified at time of analysis. …
Remediation
Within 24 hours: Inventory all OpenEMR 8.0.0.3 and earlier installations and verify network accessibility; document current user roles and access levels. Within 7 days: Implement network segmentation to restrict OpenEMR access to authorized clinical staff only, and review access logs for suspicious eRx log downloads by low-privilege users. …