PT-2026-26347 · Openemr · Openemr+1

Pavelkohout396 +1 · Published 2026-03-19 · Updated 2026-03-23 · CVE-2026-33305

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0.2

Description: OpenEMR is an electronic health records and medical practice management application. An authorization bypass in the optional FaxSMS module (oe-module-faxsms) allows authenticated users to invoke controller methods, including getNotificationLog(), without proper access control checks. The AppDispatch constructor bypasses ACL enforcement, potentially exposing patient appointment data (PHI).

Recommendations: Update to OpenEMR version 8.0.0.2 or later.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related identifiers

BDU:2026-05093
CVE-2026-33305
GHSA-R973-H5CQ-35RC

Affected products

Faxsms Module
Openemr