3
0
3
0
Vulnerability Timeline
3 vulnerabilities discovered over time for Openemr
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-24488 | 6.5 | This vulnerability allows an attacker to send any file from the server, including sensitive information like database credentials and patient documents, to a phone number they control. It can be exploited by any authenticated user of the system, as the application does not properly restrict which files can be accessed or sent. | open-emropenemr | Exploit Available | about 1 month agoFeb 27, 2026 |
| CVE-2022-2824 | 5.4 | This vulnerability allows an attacker to bypass authorization controls and gain access to restricted areas of the OpenEMR application. To exploit this, the attacker needs to manipulate a user-controlled key, which could happen if they have access to the application or its configuration. | open-emropenemr | Exploit Available | over 3 years agoAug 15, 2022 |
| CVE-2022-2732 | 8.3 | This vulnerability allows an attacker to access sensitive information or perform unauthorized actions within the OpenEMR system if they can exploit the missing authorization checks. It affects versions prior to 7.0.0.1, meaning users running older versions are at risk. | open-emropenemr | Exploit Available | over 3 years agoAug 9, 2022 |
About Open-emr Openemr Security
This page provides comprehensive security vulnerability tracking for Open-emr Openemr. Our database includes all CVEs affecting this product, updated in real-time from official sources.
Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.
Security Recommendations
- • Always keep Openemr updated to the latest version
- • Subscribe to security advisories from Open-emr
- • Monitor this page for new vulnerabilities affecting your version
- • Prioritize patching critical and high severity issues immediately