Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging to other users, including associated patient names and free-text message content, by crafting a GET request with arbitrary user IDs in the `sentTo[]` or `sentBy[]` parameters. Version 8.0.0.2 fixes the issue.
Published: 2026-03-19
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: unauthorized disclosure of patient reminder messages
Action: Immediate Patch
AI Analysis

Impact

A flaw in the dated reminders log of OpenEMR allows an authenticated user without administrative privileges to access reminder data belonging to other users. By crafting a GET request that includes arbitrary user identifiers in the sentTo[] or sentBy[] parameters, a user can retrieve other users' reminder messages, including the associated patient names and free-text message content. This is a confidentiality breach (CWE-639, authorization bypass through a user-controlled key, and CWE-862, missing authorization) that exposes private health data.

Affected Systems

The vulnerability affects OpenEMR versions earlier than 8.0.0.2. Users running these versions on any platform are susceptible; the fix is available in OpenEMR 8.0.0.2 and later releases.

Risk and Exploitability

The CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) reflects medium severity: high confidentiality impact with no integrity or availability impact. The EPSS score indicates an exploitation probability below 1%, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires network access to the web interface and authentication as a non-admin account; no privileges beyond normal user access are needed to construct the malicious GET request.

Generated by OpenCVE AI on March 20, 2026 at 16:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenEMR to version 8.0.0.2 or later to address the authorization bypass.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 20:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Mar 2026 15:15:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Open-emr; Open-emr openemr
CPEs                |                | cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*
Vendors & Products  |                | Open-emr; Open-emr openemr

Fri, 20 Mar 2026 09:00:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Openemr; Openemr openemr
Vendors & Products  |                | Openemr; Openemr openemr

Thu, 19 Mar 2026 20:45:00 +0000

Type        | Values Removed | Values Added
Description |                | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging to other users, including associated patient names and free-text message content, by crafting a GET request with arbitrary user IDs in the `sentTo[]` or `sentBy[]` parameters. Version 8.0.0.2 fixes the issue.
Title       |                | OpenEMR has Authorization Bypass in Dated Reminders Log
Weaknesses  |                | CWE-639; CWE-862
References  |                |
Metrics     |                | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-20T19:27:51.911Z

Reserved: 2026-03-18T18:55:47.428Z

Link: CVE-2026-33304

Vulnrichment

Updated: 2026-03-20T19:27:39.377Z

NVD

Status: Analyzed

Published: 2026-03-19T21:17:11.700

Modified: 2026-03-20T15:06:16.093

Link: CVE-2026-33304

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T11:55:03Z

Weaknesses