CRITICAL🇵🇱 Wersja polska

CVE-2026-24898

CVSS 10.0v3.1pub. 2026-03-03upd. 2026-03-04

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to complete third-party service compromise, PHI exfiltration, unauthorized actions on the MedEx platform, and HIPAA violations. The vulnerability exists because the endpoint bypasses authentication ($ignoreAuth = true) and performs a MedEx login whenever $_POST['callback_key'] is provided, returning the full JSON response including sensitive API tokens. This vulnerability is fixed in 8.0.0.

🤖 AI Analysis
How it works

The MedEx callback endpoint is configured with the parameter $ignoreAuth = true, which means complete bypass of the authentication mechanism. When an attacker sends a POST request containing the callback_key parameter, the application automatically performs login to MedEx and returns a complete JSON response containing sensitive API tokens. No authentication credentials or prior system access are required—the attack is possible for any anonymous user with network access to the OpenEMR instance.

Impact

An attacker obtains full MedEx API tokens of a medical practice, enabling MedEx service takeover, theft of protected patient health information (PHI), and execution of unauthorized actions on the MedEx platform, resulting in HIPAA compliance violations.

Mitigation & patch

OpenEMR must be immediately updated to version 8.0.0, in which the vulnerability has been fixed. The patch is available in the project repository (commit 8e4de59ab58222f13abc4e4040128737d857db9c). Until the update is applied, consider restricting network access to the OpenEMR instance at the firewall level.

Who is affected

OpenEMR in all versions before 8.0.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Open Emr Openemr

    APP
    Open-Emr
    < 8.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-32238CRITICAL9.1PL ✓ten sam produkt

Command Injection w funkcji backup OpenEMR (wersje przed 8.0.0.2)

CVE-2026-25146CRITICAL9.6PL ✓ten sam produkt

OpenEMR: Wyciek klucza API bramki płatności do klienta w plaintext

CVE-2026-24908CRITICAL9.9PL ✓ten sam produkt

SQL Injection w OpenEMR — narażenie danych PHI przez parametr _sort

CVE-2026-24849CRITICAL9.9PL ✓ten sam produkt

OpenEMR: path traversal umożliwia odczyt dowolnych plików przez uwierzytelnionego użytkownika

CVE-2024-22611CRITICAL9.8PL ✓ten sam produkt

SQL Injection w OpenEMR 7.0.2 — krytyczna podatność w module aptecznym