Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and overwrite provider signatures by setting `type=admin-signature` and specifying any provider user ID. This could potentially lead to signature forgery on medical documents, legal compliance violations, and fraud. The issue occurs when portal users are allowed to modify provider signatures without proper authorization checks. Version 8.0.0 fixes the issue.
Published: 2026-02-25
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Authorization bypass allowing portal users to forge provider signatures
Action: Patch
AI Analysis

Impact

An authorization bypass exists in the patient portal signature endpoint of OpenEMR versions prior to 8.0.0. By submitting a request with `type=admin-signature` and specifying any provider user ID, an authenticated portal user can upload and overwrite a provider's signature. This allows an attacker to forge signatures on medical documents, potentially leading to data integrity violations, legal compliance breaches, and fraud.

Affected Systems

The vulnerability affects all OpenEMR releases before version 8.0.0. The fix was applied in OpenEMR 8.0.0, which removes the vulnerable endpoint and enforces proper permission checks.

Risk and Exploitability

The CVSS score of 8.1 classifies the vulnerability as high severity. EPSS estimates an exploitation probability below one percent, but the only prerequisite is a valid portal login, so the attack vector is widely reachable. The issue is not yet listed in the CISA KEV catalog. Exploitation requires authenticated access; any portal user can leverage the flaw to sign documents as a provider without proper authorization. CWE-285 describes the underlying insecure privilege management.

Generated by OpenCVE AI on April 18, 2026 at 10:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenEMR version 8.0.0 or later, which removes the flawed endpoint.
  • Ensure that the signature upload feature is accessible only to users with the provider role and that the type parameter cannot be set to admin-signature by unauthorized accounts.
  • Audit recent signature uploads in the system logs to identify and revoke any signatures that may have been altered by unauthorized portal users.
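As an added illustration of the second and third recommendations (this is example code written here, not OpenEMR's own handler), the PHP below shows the server-side check that closes the gap: the record a request may write is derived from the authenticated session, never from request fields, so a portal session can only ever address its own patient signature, and every accepted write leaves an audit line. The function names, the session layout (`role`, `patient_id`, `user_id`) and the `$store`/`$audit` callbacks are assumptions made for this illustration; the first function reproduces the flawed pattern the advisory describes, for contrast.

```php
<?php
// Added example (not OpenEMR's code): server-side authorization for a
// signature upload endpoint. Function names, session layout and the
// $store/$audit callbacks are assumptions made for this illustration.

final class SignatureAuthError extends RuntimeException {}

// The flawed pattern the advisory describes: the target record is taken
// from caller-controlled request fields, so any caller can name any owner.
function vulnerableResolveTarget(array $params): array
{
    return [
        'type'     => $params['type'] ?? 'patient-signature',
        'owner_id' => (int) ($params['user_id'] ?? 0),
    ];
}

// Hardened form: the target record is derived from the authenticated
// session, so a portal session can never address a provider's signature.
function authorizeSignatureWrite(array $session, array $params): array
{
    $role = $session['role'] ?? '';
    $type = $params['type'] ?? 'patient-signature';

    if ($role === 'portal') {
        if ($type !== 'patient-signature') {
            throw new SignatureAuthError('portal users may not write provider signatures');
        }
        if (empty($session['patient_id'])) {
            throw new SignatureAuthError('portal session carries no patient identity');
        }
        // Owner is the session's patient; any $params['user_id'] is ignored.
        return ['type' => 'patient-signature', 'owner_id' => (int) $session['patient_id']];
    }

    if ($role === 'provider') {
        if ($type !== 'admin-signature') {
            throw new SignatureAuthError('unexpected signature type for provider session');
        }
        // A provider may write only their own signature.
        return ['type' => 'admin-signature', 'owner_id' => (int) $session['user_id']];
    }

    throw new SignatureAuthError("no signature write allowed for role '$role'");
}

// Wrap check and write so every accepted write is recorded; the audit line is
// what a later review of signature uploads relies on. $store and $audit are
// assumed callbacks supplied by the caller.
function handleSignatureUpload(array $session, array $params, string $png, callable $store, callable $audit): array
{
    $target = authorizeSignatureWrite($session, $params);
    $store($target['type'], $target['owner_id'], $png);
    $audit(sprintf('signature-write type=%s owner=%d by_role=%s by_id=%s',
        $target['type'], $target['owner_id'], $session['role'],
        $session['patient_id'] ?? $session['user_id'] ?? '?'));
    return $target;
}

// Constructed sample session and requests for a quick self-check (php this_file.php).
$portalSession  = ['role' => 'portal', 'patient_id' => 42];
$forgeryAttempt = ['type' => 'admin-signature', 'user_id' => 7];  // the request shape the advisory describes
$ownSignature   = ['type' => 'patient-signature'];

// The flawed resolver would let a portal caller address provider 7's record.
assert(vulnerableResolveTarget($forgeryAttempt) === ['type' => 'admin-signature', 'owner_id' => 7]);

// The hardened check rejects the same request from a portal session...
try {
    authorizeSignatureWrite($portalSession, $forgeryAttempt);
    throw new LogicException('forgery attempt should have been rejected');
} catch (SignatureAuthError $e) {
    echo "rejected: {$e->getMessage()}\n";
}

// ...and writes only the patient's own record, whatever user_id was supplied.
$log = [];
$target = handleSignatureUpload(
    $portalSession,
    $ownSignature + ['user_id' => 7],
    'png-bytes',
    function (string $type, int $owner, string $png): void {},
    function (string $line) use (&$log): void { $log[] = $line; }
);
assert($target === ['type' => 'patient-signature', 'owner_id' => 42]);
echo $log[0], "\n";
```

The design point is that the `type` and owner of the record are never read from the request for a portal session; validating the `type` parameter alone would still leave the owner id under caller control.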

Generated by OpenCVE AI on April 18, 2026 at 10:38 UTC.


Advisories

No advisories yet.

History

Fri, 27 Feb 2026 17:15:00 +0000

Type       Values Removed   Values Added
Metrics                     ssvc
                            {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 27 Feb 2026 14:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Open-emr
                                       Open-emr openemr
CPEs                                   cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*
Vendors & Products                     Open-emr
                                       Open-emr openemr

Thu, 26 Feb 2026 13:30:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Openemr
                                       Openemr openemr
Vendors & Products                     Openemr
                                       Openemr openemr

Wed, 25 Feb 2026 19:00:00 +0000

Type          Values Removed   Values Added
Description                    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and overwrite provider signatures by setting `type=admin-signature` and specifying any provider user ID. This could potentially lead to signature forgery on medical documents, legal compliance violations, and fraud. The issue occurs when portal users are allowed to modify provider signatures without proper authorization checks. Version 8.0.0 fixes the issue.
Title                          OpenEMR Portal Users Can Forge Provider Signatures
Weaknesses                     CWE-285
References
Metrics                        cvssV3_1
                               {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T16:15:28.455Z

Reserved: 2026-01-27T19:35:20.528Z

Link: CVE-2026-24890

Vulnrichment

Updated: 2026-02-26T16:15:12.349Z

NVD

Status : Analyzed

Published: 2026-02-25T19:43:21.500

Modified: 2026-02-27T14:43:28.020

Link: CVE-2026-24890

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:45:43Z

Weaknesses