PT-2026-22100 · Openemr · Openemr

Simecek · Published 2026-02-26 · Updated 2026-02-26 · CVE-2026-27943

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenEMR versions up to and including 8.0.0

Description

OpenEMR is an electronic health records and medical practice management application. Versions up to 8.0.0 do not verify that a form belongs to the current user’s patient or encounter context when loading data via the form id parameter in the eye exam (eye mag) view. This allows an authenticated user to access or edit any patient’s eye exam by providing another form ID, and potentially switch the session’s active patient in some flows.

Recommendations

Update to a version with the fix available on the main branch of the OpenEMR GitHub repository.
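
The missing ownership check from the description, shown beside a lookup bound to the session context. This is an added example, not OpenEMR code or the project's fix; it is written in Python with an in-memory SQLite table for a self-contained run, and the table, column, function and session key names and the sample rows are all constructed assumptions.

```python
import sqlite3

class FormAccessDenied(Exception):
    """Raised when a form id is not part of the session's patient/encounter."""

def make_db():
    # Constructed schema and rows; names are hypothetical, not OpenEMR's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE eye_forms (form_id INTEGER PRIMARY KEY, "
               "pid INTEGER, encounter INTEGER, findings TEXT)")
    db.executemany("INSERT INTO eye_forms VALUES (?, ?, ?, ?)", [
        (101, 1, 5001, "patient 1 exam"),
        (102, 2, 5002, "patient 2 exam"),
    ])
    return db

def load_form_unchecked(db, session, form_id):
    """Flawed pattern: the request-supplied form id is the only lookup key."""
    row = db.execute("SELECT form_id, pid, encounter, findings "
                     "FROM eye_forms WHERE form_id = ?", (form_id,)).fetchone()
    if row:
        # Adopting the form's owner as the active patient lets a request
        # parameter silently change the session context.
        session["pid"], session["encounter"] = row[1], row[2]
    return row

def load_form_checked(db, session, form_id):
    """Hardened pattern: the lookup is bound to the session's own context."""
    row = db.execute(
        "SELECT form_id, pid, encounter, findings FROM eye_forms "
        "WHERE form_id = ? AND pid = ? AND encounter = ?",
        (form_id, session["pid"], session["encounter"]),
    ).fetchone()
    if row is None:
        # Same error for "no such form" and "another patient's form", so the
        # response does not reveal which form ids exist.
        raise FormAccessDenied(f"form {form_id} is not in the current context")
    return row  # session is never rewritten from request-derived data

if __name__ == "__main__":
    db = make_db()
    session = {"pid": 1, "encounter": 5001}
    print("own form:", load_form_checked(db, session, 101))
    try:
        load_form_checked(db, session, 102)
    except FormAccessDenied as exc:
        print("denied:", exc)
```

The same binding applies to write paths: an update keyed only on the form id has the same flaw as the read.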

Exploit

Fix

LPE

IDOR

Weakness Enumeration

Related Identifiers

CVE-2026-27943
GHSA-Q96X-QW99-6XQ9

Affected Products

Openemr