{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25930", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-09T16:22:17.786Z", "datePublished": "2026-02-25T18:48:10.373Z", "dateUpdated": "2026-02-26T20:43:11.655Z"}, "containers": {"cna": {"title": "OpenEMR's Printable LBF Endpoint Leaks Arbitrary Patient Forms", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/openemr/openemr/security/advisories/GHSA-h3xx-8cp7-hf7m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openemr/openemr/security/advisories/GHSA-h3xx-8cp7-hf7m"}, {"name": "https://github.com/openemr/openemr/commit/8c76acdd226007cc4ff3eccd3ca6193e0be6e699", "tags": ["x_refsource_MISC"], "url": "https://github.com/openemr/openemr/commit/8c76acdd226007cc4ff3eccd3ca6193e0be6e699"}], "affected": [{"vendor": "openemr", "product": "openemr", "versions": [{"version": "< 8.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T18:48:10.373Z"}, "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form (LBF) printable view accepts `formid` and `visitid` (or `patientid`) from the request and does not verify that the form belongs to the current user\u2019s authorized patient/encounter. An authenticated user with LBF access can enumerate form IDs and view or print any patient\u2019s encounter forms. Version 8.0.0 fixes the issue."}], "source": {"advisory": "GHSA-h3xx-8cp7-hf7m", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T20:42:38.479724Z", "id": "CVE-2026-25930", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T20:43:11.655Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25930", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T20:42:38.479724Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T20:42:46.806Z"}}], "cna": {"title": "OpenEMR's Printable LBF Endpoint Leaks Arbitrary Patient Forms", "source": {"advisory": "GHSA-h3xx-8cp7-hf7m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "openemr", "product": "openemr", "versions": [{"status": "affected", "version": "< 8.0.0"}]}], "references": [{"url": "https://github.com/openemr/openemr/security/advisories/GHSA-h3xx-8cp7-hf7m", "name": "https://github.com/openemr/openemr/security/advisories/GHSA-h3xx-8cp7-hf7m", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/openemr/openemr/commit/8c76acdd226007cc4ff3eccd3ca6193e0be6e699", "name": "https://github.com/openemr/openemr/commit/8c76acdd226007cc4ff3eccd3ca6193e0be6e699", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form (LBF) printable view accepts `formid` and `visitid` (or `patientid`) from the request and does not verify that the form belongs to the current user\u2019s authorized patient/encounter. An authenticated user with LBF access can enumerate form IDs and view or print any patient\u2019s encounter forms. Version 8.0.0 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T18:48:10.373Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25930", "state": "PUBLISHED", "dateUpdated": "2026-02-26T20:43:11.655Z", "dateReserved": "2026-02-09T16:22:17.786Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-25T18:48:10.373Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEAA9896-A42E-437C-BEE8-8DA955E34385", "versionEndExcluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form (LBF) printable view accepts `formid` and `visitid` (or `patientid`) from the request and does not verify that the form belongs to the current user\u2019s authorized patient/encounter. An authenticated user with LBF access can enumerate form IDs and view or print any patient\u2019s encounter forms. Version 8.0.0 fixes the issue."}], "id": "CVE-2026-25930", "lastModified": "2026-02-27T14:38:24.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-25T19:43:23.127", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openemr/openemr/commit/8c76acdd226007cc4ff3eccd3ca6193e0be6e699"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/openemr/openemr/security/advisories/GHSA-h3xx-8cp7-hf7m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,8.0.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "openemr", "source": "cna", "vendor": "openemr"}, "product": "openemr", "vendor": "openemr"}], "analysis": {"en": {"generated_at": "2026-04-17T15:00:05.864705+00:00", "value": {"mitigation_remediation": ["Upgrade the OpenEMR installation to version 8.0.0 or later, which removes the unchecked form\u2011id processing.", "Restrict access to the printable LBF endpoint by applying role\u2011based permissions so only users who truly need printing rights can reach it.", "Monitor and audit print\u2011endpoint usage, reviewing logs for abnormal or unauthorized access patterns.", "Enforce least\u2011privilege on user accounts and disable LBF access for accounts that do not need it."], "summary": {"action": "Immediate Patch", "impact": "Information disclosure of patient records"}, "threat_synthesis": {"affected_systems": "The flaw exists in OpenEMR, under the vendor openemr:openemr, in all releases prior to version 8.0.0. Users deploying those earlier builds are exposed to the risk of unauthorized disclosure of patient forms.", "description_and_impact": "OpenEMR\u2019s Layout\u2011Based Form printable view accepts form identifiers and patient or visit identifiers supplied in the request without verifying that the form actually belongs to the authorized patient or encounter. An authenticated user with LBF\u2010printing privileges can therefore enumerate form IDs and view or print any patient\u2019s encounter forms, leaking highly sensitive health information. This vulnerability is classified as \u00a9639, which describes an insufficient check of the actions privileges of the user controlling input to sensitive data.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity, while the EPSS of less than 1% suggests exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog, implying no publicly known attacks to date. However, the attack vector is feasible for any authenticated user granted LBF printing rights; an attacker with either legitimate credentials or a compromised account can exploit the endpoint. The lack of proven exploitation does not mitigate the confidentiality impact, especially in regulated healthcare settings."}}}}, "created": "2026-02-26T13:15:02.345646+00:00", "updated": "2026-04-17T15:00:11.046890+00:00", "vendors": ["openemr", "openemr$PRODUCT$openemr"]}