CVE-2026-34055 - Vulnerability Analysis
High | CVSS: 8.1 | Last Updated: March 26, 2026
OpenEMR - Broken Access Control
Overview
OpenEMR < 8.0.0.3 contains a broken access control vulnerability caused by missing authorization checks on patient note updates and deletes in library/pnotes.inc.php. Authenticated users can modify notes they are not authorized to access. Exploitation requires user authentication.
Impact
Authenticated users can modify or delete patient notes they are not authorized to access, risking data integrity and privacy.
Mitigation
Update to version 8.0.0.3 or later.
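The access-control gap described in the Overview, shown as an added example that is not OpenEMR's code or the 8.0.0.3 patch: a write keyed on the note id alone, next to one way to bind the write to the caller's access. The `notes` and `patient_access` tables, the user names and the function names are constructed assumptions.

```python
import sqlite3

def make_db():
    # Constructed schema and rows for illustration; not OpenEMR's tables.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE notes (id INTEGER PRIMARY KEY, patient_id INTEGER,
                            body TEXT, deleted INTEGER DEFAULT 0);
        CREATE TABLE patient_access (user TEXT, patient_id INTEGER);
        INSERT INTO notes (id, patient_id, body) VALUES
            (1, 100, 'allergy: penicillin'), (2, 200, 'follow-up in 2 weeks');
        INSERT INTO patient_access VALUES ('alice', 100), ('bob', 200);
    """)
    return db

# Authorization predicate shared by the scoped statements (hypothetical model).
SCOPE = "patient_id IN (SELECT patient_id FROM patient_access WHERE user = ?)"

def update_note_unscoped(db, note_id, body):
    # Weak pattern: the row is selected by the caller-supplied id alone,
    # so a request from any authenticated caller matches any note.
    return db.execute("UPDATE notes SET body = ? WHERE id = ?",
                      (body, note_id)).rowcount

def update_note_scoped(db, user, note_id, body):
    # The access condition is part of the same statement as the write,
    # so there is no gap between the check and the update.
    n = db.execute(f"UPDATE notes SET body = ? WHERE id = ? AND {SCOPE}",
                   (body, note_id, user)).rowcount
    if n != 1:
        raise PermissionError(f"{user} may not update note {note_id}")
    return n

def delete_note_scoped(db, user, note_id):
    # Soft delete with the same scoping; zero rows affected means denied.
    n = db.execute(f"UPDATE notes SET deleted = 1 WHERE id = ? AND {SCOPE}",
                   (note_id, user)).rowcount
    if n != 1:
        raise PermissionError(f"{user} may not delete note {note_id}")
    return n

def note(db, note_id):
    # Helper to read back a note's state as (body, deleted).
    return db.execute("SELECT body, deleted FROM notes WHERE id = ?",
                      (note_id,)).fetchone()
```

Logging the denied case (zero rows affected on a scoped write) gives defenders a signal for requests that reference notes outside the caller's access.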
References
Social Media Activity (2 posts)
CVE-2026-34055 - High (8.1) OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perform updates and deletes using `WHERE id = ?` with... https://www.thehackerwire.com/vulnerability/CVE-2026-34055/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-34055
- Severity: High
- CVSS Score: 8.1
- Type: broken_access_control
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-639
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N