PT-2026-21825 · Openemr · Openemr

Heshamm1 · Published 2026-02-25 · Updated 2026-02-25 · CVE-2026-24896

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenEMR versions prior to 8.0.0

Description

OpenEMR is an electronic health records and medical practice management application. A flaw exists where authenticated users, even those with limited privileges, can access EDI log files. This is due to insufficient access controls on the edih main.php API endpoint. Specifically, manipulating the log select parameter in a GET request bypasses role-based access control (RBAC), allowing unauthorized access to sensitive system logs.

Recommendations

Update to version 8.0.0 or later.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2026-24896
GHSA-RCCQ-VJFG-GGJH

Affected Products

Openemr