CVE-2026-24847 | THREATINT

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Eye Exam form module allows any authenticated user to be redirected to an arbitrary external URL. This can be exploited for phishing attacks against healthcare providers using OpenEMR. Version 8.0.0 fixes the issue.

PUBLISHED Reserved 2026-01-27 | Published 2026-02-25 | Updated 2026-02-25 | Assigner GitHub_M

MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Product status

< 8.0.0

affected

References

github.com/...penemr/security/advisories/GHSA-6f42-6q2r-fc2h

github.com/...ommit/b924459bb5b2844f8f5d3d6cedd2e854eda20aad

cve.org (CVE-2026-24847)

nvd.nist.gov (CVE-2026-24847)

Download JSON