{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27943", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-25T03:11:36.690Z", "datePublished": "2026-02-26T01:30:31.363Z", "dateUpdated": "2026-02-26T15:28:13.472Z"}, "containers": {"cna": {"title": "OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/openemr/openemr/security/advisories/GHSA-q96x-qw99-6xq9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openemr/openemr/security/advisories/GHSA-q96x-qw99-6xq9"}, {"name": "https://github.com/openemr/openemr/commit/c87489bf63f2701b634d948279e104f2ed3df1c0", "tags": ["x_refsource_MISC"], "url": "https://github.com/openemr/openemr/commit/c87489bf63f2701b634d948279e104f2ed3df1c0"}], "affected": [{"vendor": "openemr", "product": "openemr", "versions": [{"version": "<= 8.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-26T01:30:31.363Z"}, "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam (eye_mag) view loads data by `form_id` (or equivalent) without verifying that the form belongs to the current user\u2019s patient/encounter context. An authenticated user can access or edit any patient\u2019s eye exam by supplying another form ID; in some flows the session\u2019s active patient may also be switched. A fix is available on the `main` branch of the OpenEMR GitHub repository."}], "source": {"advisory": "GHSA-q96x-qw99-6xq9", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T15:27:04.147520Z", "id": "CVE-2026-27943", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:28:13.472Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27943", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T15:27:04.147520Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:28:06.288Z"}}], "cna": {"title": "OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership", "source": {"advisory": "GHSA-q96x-qw99-6xq9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "openemr", "product": "openemr", "versions": [{"status": "affected", "version": "<= 8.0.0"}]}], "references": [{"url": "https://github.com/openemr/openemr/security/advisories/GHSA-q96x-qw99-6xq9", "name": "https://github.com/openemr/openemr/security/advisories/GHSA-q96x-qw99-6xq9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/openemr/openemr/commit/c87489bf63f2701b634d948279e104f2ed3df1c0", "name": "https://github.com/openemr/openemr/commit/c87489bf63f2701b634d948279e104f2ed3df1c0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam (eye_mag) view loads data by `form_id` (or equivalent) without verifying that the form belongs to the current user\u2019s patient/encounter context. An authenticated user can access or edit any patient\u2019s eye exam by supplying another form ID; in some flows the session\u2019s active patient may also be switched. A fix is available on the `main` branch of the OpenEMR GitHub repository."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-26T01:30:31.363Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27943", "state": "PUBLISHED", "dateUpdated": "2026-02-26T15:28:13.472Z", "dateReserved": "2026-02-25T03:11:36.690Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-26T01:30:31.363Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D995E4F-C6E0-47AC-9F5A-4E828BA9A292", "versionEndIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam (eye_mag) view loads data by `form_id` (or equivalent) without verifying that the form belongs to the current user\u2019s patient/encounter context. An authenticated user can access or edit any patient\u2019s eye exam by supplying another form ID; in some flows the session\u2019s active patient may also be switched. A fix is available on the `main` branch of the OpenEMR GitHub repository."}], "id": "CVE-2026-27943", "lastModified": "2026-02-27T14:51:27.900", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-26T02:16:22.547", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openemr/openemr/commit/c87489bf63f2701b634d948279e104f2ed3df1c0"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/openemr/openemr/security/advisories/GHSA-q96x-qw99-6xq9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,8.0.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "openemr", "source": "cna", "vendor": "openemr"}, "product": "openemr", "vendor": "openemr"}], "analysis": {"en": {"generated_at": "2026-04-18T10:26:58.240485+00:00", "value": {"mitigation_remediation": ["Deploy the latest OpenEMR release that includes the form_id ownership fix or merge the patch from the main branch.", "Disable or restrict the ability for users to provide arbitrary form_id values in the eye exam view, ensuring the system only accepts form IDs that belong to the current patient context.", "Limit access to the eye exam view to users with appropriate roles (e.g., ophthalmologists, authorized clinicians) and enforce role-based access control.", "Implement monitoring of eye exam form access logs to detect suspicious activity, such as repeated attempts to load unauthorized form IDs."], "summary": {"action": "Patch Now", "impact": "Unauthorized access to patient eye exam data"}, "threat_synthesis": {"affected_systems": "The affected product is OpenEMR, versions up to and including 8.0.0. Any deployment of these releases that permits login access is vulnerable.", "description_and_impact": "The eye exam (eye_mag) view in OpenEMR loads data based on form_id without validating that the data belongs to the user\u2019s current patient or encounter. An authenticated user who knows or guesses another patient\u2019s form identifier can therefore view or edit that patient\u2019s eye exam records. This flaw violates confidentiality and integrity of protected health information and is classified as CWE\u2011639.", "risk_and_exploitability": "The CVSS base score is 6.5, indicating a medium severity vulnerability. The EPSS score is below 1%, suggesting a low likelihood of exploitation at this time, and it is not listed in the CISA KEV catalog. A threat actor would need valid user credentials and knowledge of a target form_id to exploit the flaw; the attack vector is therefore authenticated access within the application. The vulnerability would allow unauthorized data exposure and potential manipulation of patient records."}}}}, "created": "2026-02-26T13:09:59.840335+00:00", "updated": "2026-04-18T10:30:35.765591+00:00", "vendors": ["openemr", "openemr$PRODUCT$openemr"]}