Description

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam (eye_mag) view loads data by `form_id` (or equivalent) without verifying that the form belongs to the current user’s patient/encounter context. An authenticated user can access or edit any patient’s eye exam by supplying another form ID; in some flows the session’s active patient may also be switched. A fix is available on the `main` branch of the OpenEMR GitHub repository.

INFO

Published Date :

2026-02-26T01:30:31.363Z

Last Modified :

2026-02-26T15:28:13.472Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27943 vulnerability.

Vendors Products
Open-emr
  • Openemr
Openemr
  • Openemr
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27943.

URL Resource
https://github.com/openemr/openemr/commit/c87489bf63f2701b634d948279e104f2ed3df1c0 cve-icon cve-icon
https://github.com/openemr/openemr/security/advisories/GHSA-q96x-qw99-6xq9 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact