CVE-2026-32123 - Vulnerability Analysis
HighCVSS: 7.7Last Updated: March 13, 2026
OpenEMR - Broken Access Control
Overview
OpenEMR < 8.0.0.1 contains a broken access control vulnerability caused by improper sensitivity checks in group encounters, letting unauthorized users view sensitive medical records, exploit requires user access.
Severity & Score
Impact
Unauthorized users can view sensitive medical encounter data, risking patient privacy and compliance violations.
Mitigation
Update to version 8.0.0.1 or later.
Social Media Activity(2 posts)
š CVE-2026-32123 - High (7.7) OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults form_encounter for sensitivity, while grou... š https://www.thehackerwire.com/vulnerability/CVE-2026-32123/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-32123 - High (7.7) OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults form_encounter for sensitivity, while grou... š https://www.thehackerwire.com/vulnerability/CVE-2026-32123/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-32123
- Severity
- High
- CVSS Score
- 7.7
- Type
- broken_access_control
- Status
- confirmed
- EPSS
- 2.8%
- Social Posts
- 2
CWE
- CWE-863
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N