Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edih_main.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to access EDI log files by manipulating the log_select parameter in a GET request. The back-end fails to enforce role-based access control (RBAC), allowing sensitive system logs to be accessed outside the GUI-enforced permission boundaries. Version 8.0.0 fixes the issue.

INFO

Published Date :

2026-02-25T01:47:59.765Z

Last Modified :

2026-02-25T20:58:20.711Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-24896 vulnerability.

Vendors Products
Open-emr
  • Openemr
Openemr
  • Openemr
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24896.

URL Resource
https://github.com/openemr/openemr/commit/1a57dfc244b30e96e7ebdb5ba6f331a6eb868df1 cve-icon cve-icon
https://github.com/openemr/openemr/security/advisories/GHSA-rccq-vjfg-ggjh cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact