Home / Vulnerability Intelligence / CVE-2026-34051

CVE-2026-34051 - Vulnerability Analysis

MediumCVSS: 5.4

Last Updated: March 26, 2026

OpenEMR - Broken Access Control

Published: March 26, 2026Updated: March 26, 2026PoC AvailableRemote Exploitable

Overview

OpenEMR < 8.0.0.3 contains a broken access control caused by improper access control on Import/Export functionality, letting unauthorized users access and manipulate system data via direct request manipulation, exploit requires no special privileges.

Severity & Score

Severity: Medium

CVSS Score: 5.4

Impact

Unauthorized users can access, extract, and manipulate sensitive system data, risking data confidentiality and integrity.

Mitigation

Upgrade to version 8.0.0.3 or later.

References

https://github.com/openemr/openemr/commit/81c097f7852fc60d45adf6c13baa86cd0a1b400b
https://github.com/openemr/openemr/releases/tag/v8_0_0_3
https://github.com/openemr/openemr/security/advisories/GHSA-54m8-wpg9-9665

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34051
Severity: Medium
CVSS Score: 5.4
Type: broken_access_control
Status: confirmed

CWE

CWE-285

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N