PT-2026-22836 · Openemr · Openemr

Firehed · Published 2026-03-03 · Updated 2026-03-04 · CVE-2026-25146

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions
OpenEMR versions 5.0.2 through 8.0.0

Description
OpenEMR is an electronic health records and medical practice management application. Versions from 5.0.2 up to, but not including, 8.0.0 have paths where the gateway API key secret value is rendered to the client in plaintext. The gateway API key is a sensitive variable used for accessing payment gateway APIs. Exposure of these secret keys could lead to unauthorized money movement or account takeover of payment gateway APIs.

Recommendations
Update to OpenEMR version 8.0.0.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2026-25146
GHSA-2HQ8-WC73-JVVQ

Affected products

Openemr