EUVD-2026-13164
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
3Tags
Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in the PDF creation function where the form answers are parsed as unescaped HTML, allowing an attacker to forge requests from the server made to external or internal resources. Version 8.0.0.2 fixes the issue.
Analysis
OpenEMR versions prior to 8.0.0.2 allow authenticated users with the Notes role to trigger an out-of-band Server-Side Request Forgery (SSRF) vulnerability through unescaped HTML parsing in Eye Exam form PDF generation, enabling attackers to forge requests to arbitrary internal or external resources from the affected server. This vulnerability requires valid user credentials but no user interaction, and can lead to information disclosure or further internal network compromise. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all OpenEMR deployments and identify instances running versions below 8.0.0.2; restrict PDF export functionality to administrative users only through access controls. Within 7 days: Implement network segmentation to limit OpenEMR server outbound connections to necessary endpoints only; deploy WAF rules to block suspicious PDF generation requests. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today