CVE-2026-32122

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same ACL as the main billing/claims workflow, so authenticated users without appropriate billing permissions can access this data. This vulnerability is fixed in 8.0.0.1.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/openemr/openemr/security/advisories/GHSA-rwf9-px3c-3prw	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-11 21:16

Updated : 2026-03-13 15:48

NVD link : CVE-2026-32122

Mitre link : CVE-2026-32122

CVE.ORG link : CVE-2026-32122

JSON object : View

Products Affected

open-emr

openemr

CWE

CWE-862

Missing Authorization

{"id": "CVE-2026-32122", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2026-03-11T21:16:17.997", "references": [{"url": "https://github.com/openemr/openemr/security/advisories/GHSA-rwf9-px3c-3prw", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same ACL as the main billing/claims workflow, so authenticated users without appropriate billing permissions can access this data. This vulnerability is fixed in 8.0.0.1."}, {"lang": "es", "value": "OpenEMR es una aplicaci\u00f3n gratuita y de c\u00f3digo abierto de registros m\u00e9dicos electr\u00f3nicos y gesti\u00f3n de pr\u00e1ctica m\u00e9dica. Anterior a la 8.0.0.1, la funcionalidad de Seguimiento de Archivos de Reclamaciones expone un endpoint AJAX que devuelve metadatos de reclamaciones de facturaci\u00f3n (IDs de reclamaci\u00f3n, informaci\u00f3n del pagador, registros de transmisi\u00f3n). El endpoint no aplica la misma ACL que el flujo de trabajo principal de facturaci\u00f3n/reclamaciones, por lo que los usuarios autenticados sin los permisos de facturaci\u00f3n adecuados pueden acceder a estos datos. Esta vulnerabilidad se corrige en la 8.0.0.1."}], "lastModified": "2026-03-13T15:48:07.257", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "136D07EE-9108-423B-AD86-E9E901940C17", "versionEndExcluding": "8.0.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}