Home / Vulnerability Intelligence / CVE-2026-24890

CVE-2026-24890 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: February 25, 2026

OpenEMR - Authorization Bypass

Published: February 25, 2026Updated: February 25, 2026Remote Exploitable

Overview

OpenEMR < 8.0.0 contains an authorization bypass caused by improper access control in the patient portal signature endpoint, letting authenticated portal users overwrite provider signatures, exploit requires authenticated portal access.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Authenticated portal users can forge provider signatures, leading to legal compliance violations and fraud.

Mitigation

Update to version 8.0.0 or later.

References

https://github.com/openemr/openemr/commit/a29c0f7ac0975429a85cd09a3ff12ee0dcdb4478
https://github.com/openemr/openemr/security/advisories/GHSA-xc8x-mfh8-9xvh

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-24890
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: new

CWE

CWE-285

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N