CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-32122

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same ACL as the main billing/claims workflow, so authenticated users without appropriate billing permissions can access this data. This vulnerability is fixed in 8.0.0.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.2%

CVSS Severity

CVSS v3 Score 4.3

References

https://github.com/openemr/openemr/security/advisories/GHSA-rwf9-px3c-3prw

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-32122

Products

Pricing

Contact Us