PT-2026-21824 · Openemr · Openemr

Tonghuaroot · Published 2026-02-25 · Updated 2026-03-02 · CVE-2026-24849

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenEMR versions prior to 7.0.4

Description

OpenEMR is an open source electronic health records and medical practice management application. Prior to version 7.0.4, the disposeDocument() method in EtherFaxActions.php allows authenticated users to read arbitrary files from the server filesystem. Any authenticated user, regardless of privilege level, can exploit this to read sensitive files. The disposeDocument() function is vulnerable.

Recommendations

Update to version 7.0.4.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-24849
GHSA-W6VC-HX2X-48PC

Affected Products

Openemr