PT-2026-24844 · Git+1 · Openemr

Pavelkohout396 · Published 2026-03-11 · Updated 2026-03-11 · CVE-2026-32123

CVSS v3.1: 7.7 High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenEMR versions prior to 8.0.0.1

Description

OpenEMR is an electronic health records and medical practice management application. Prior to version 8.0.0.1, sensitivity checks for group encounters were not functioning correctly. The code was only checking the form encounter table for sensitivity information, while group encounters actually store this information in the form groups encounter table. This resulted in sensitivity restrictions not being applied to group encounters, potentially allowing unauthorized users to view sensitive information, such as mental health records.

Recommendations

Upgrade to OpenEMR version 8.0.0.1 or later.
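
The flaw class described above, as an added example that is not OpenEMR's code: a simplified Python/SQLite model of a sensitivity check that consults only one of two encounter tables, next to a check that picks the table by encounter type and denies when no row is found. The table names `form_encounter` and `form_groups_encounter` correspond to the two tables the description names; the columns, sensitivity labels, function names and the "missing row means unrestricted" behaviour are assumptions made for this model.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is a simplified assumption.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE form_encounter (encounter INTEGER PRIMARY KEY, sensitivity TEXT);
        CREATE TABLE form_groups_encounter (encounter INTEGER PRIMARY KEY, sensitivity TEXT);
        INSERT INTO form_encounter VALUES (101, 'normal'), (102, 'high');
        INSERT INTO form_groups_encounter VALUES (201, 'high');
    """)
    return db

def _sensitivity(db, table, encounter):
    # 'table' is always one of two fixed literals chosen below, never user input.
    row = db.execute(
        f"SELECT sensitivity FROM {table} WHERE encounter = ?", (encounter,)
    ).fetchone()
    return row[0] if row else None

def may_view_flawed(db, encounter, user_levels):
    """Models the pre-fix behaviour: only form_encounter is consulted."""
    level = _sensitivity(db, "form_encounter", encounter)
    # A group encounter has no row in form_encounter, so level is None and
    # the encounter is treated as unrestricted (assumption of this model).
    return level is None or level in user_levels

def may_view_fixed(db, encounter, is_group, user_levels):
    """Looks in the table that stores this encounter type; denies if no row."""
    table = "form_groups_encounter" if is_group else "form_encounter"
    level = _sensitivity(db, table, encounter)
    return level is not None and level in user_levels

if __name__ == "__main__":
    db = make_db()
    limited = {"normal"}  # hypothetical user without access to 'high'
    print("flawed, individual 102:", may_view_flawed(db, 102, limited))
    print("flawed, group 201:     ", may_view_flawed(db, 201, limited))
    print("fixed,  group 201:     ", may_view_fixed(db, 201, True, limited))
```

A regression test for this class of bug needs a restricted record of each encounter type, since the individual-encounter case passes in both versions.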

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-32123
GHSA-J4MM-WG7Q-V57Q

Affected Products

Openemr