What is the CVSS score of EUVD-2026-13164?

EUVD-2026-13164 has a CVSS 3.1 base score of 7.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Openemr are affected by EUVD-2026-13164?

OpenEMR versions before 8.0.0.2 contain an authenticated SSRF vulnerability in Eye Exam PDF generation that allows users with Notes role privileges to forge arbitrary network requests from the…. A patch is available.

How to fix or mitigate EUVD-2026-13164?

Within 24 hours: Identify all OpenEMR instances and document current versions; restrict Notes role access to users with demonstrated need-to-know. Within 7 days: Apply vendor patch to upgrade to OpenEMR 8.0.0.2 or later on all affected systems; validate patch deployment. Within 30 days: Conduct access review of all Notes role accounts; implement network segmentation to restrict server-initiated outbound requests to approved destinations only.

Openemr EUVD-2026-13164

| CVE-2026-33321 HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2026-03-19 GitHub_M

SSRF Openemr

7.6

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.6 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:20 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

8.0.0.2

EUVD ID Assigned

Mar 19, 2026 - 21:00 euvd

EUVD-2026-13164

Analysis Generated

Mar 19, 2026 - 21:00 vuln.today

CVE Published

Mar 19, 2026 - 20:20 nvd

HIGH 7.6

DescriptionGitHub Advisory

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in the PDF creation function where the form answers are parsed as unescaped HTML, allowing an attacker to forge requests from the server made to external or internal resources. Version 8.0.0.2 fixes the issue.

AnalysisAI

OpenEMR versions prior to 8.0.0.2 allow authenticated users with the Notes role to trigger an out-of-band Server-Side Request Forgery (SSRF) vulnerability through unescaped HTML parsing in Eye Exam form PDF generation, enabling attackers to forge requests to arbitrary internal or external resources from the affected server. This vulnerability requires valid user credentials but no user interaction, and can lead to information disclosure or further internal network compromise. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate as user with Notes role

Delivery

Fill Eye Exam form with malicious HTML

Exploit

Request PDF export of form

Execution

Server parses unescaped HTML

Persist

SSRF payload triggers request to internal resource

Impact

Attacker exfiltrates sensitive data