CVE-2026-34053

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0.3

Description OpenEMR is an electronic health records and medical practice management application. A missing authorization check in the AJAX deletion endpoint interface/forms/procedure order/handle deletions.php allows any authenticated user to delete procedure orders, answers, and specimens belonging to any patient, regardless of their assigned role. This deletion is irreversible.

Recommendations Update to version 8.0.0.3 or later.