PT-2026-22836 · Openemr · Openemr

Firehed · Published 2026-03-03 · Updated 2026-03-04 · CVE-2026-25146

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

OpenEMR versions 5.0.2 through 8.0.0

Description

OpenEMR is an electronic health records and medical practice management application. Versions from 5.0.2 to before 8.0.0 have paths where the gateway API key secret value is rendered to the client in plaintext. The gateway API key is a sensitive variable used for accessing payment gateway APIs. Exposure of these secret keys could lead to unauthorized money movement or account takeover of payment gateway APIs.

Recommendations

Update to OpenEMR version 8.0.0.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2026-25146
GHSA-2HQ8-WC73-JVVQ

Affected Products

Openemr