{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32122", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T22:19:36.544Z", "datePublished": "2026-03-11T20:48:26.510Z", "dateUpdated": "2026-03-12T14:09:01.436Z"}, "containers": {"cna": {"title": "OpenEMR: Missing Authorization on Claim File Tracker UI and AJAX Endpoint (V2)", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/openemr/openemr/security/advisories/GHSA-rwf9-px3c-3prw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openemr/openemr/security/advisories/GHSA-rwf9-px3c-3prw"}], "affected": [{"vendor": "openemr", "product": "openemr", "versions": [{"version": "< 8.0.0.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T20:49:55.303Z"}, "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same ACL as the main billing/claims workflow, so authenticated users without appropriate billing permissions can access this data. This vulnerability is fixed in 8.0.0.1."}], "source": {"advisory": "GHSA-rwf9-px3c-3prw", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T14:08:42.832110Z", "id": "CVE-2026-32122", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:09:01.436Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32122", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T14:08:42.832110Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:08:56.411Z"}}], "cna": {"title": "OpenEMR: Missing Authorization on Claim File Tracker UI and AJAX Endpoint (V2)", "source": {"advisory": "GHSA-rwf9-px3c-3prw", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "openemr", "product": "openemr", "versions": [{"status": "affected", "version": "< 8.0.0.1"}]}], "references": [{"url": "https://github.com/openemr/openemr/security/advisories/GHSA-rwf9-px3c-3prw", "name": "https://github.com/openemr/openemr/security/advisories/GHSA-rwf9-px3c-3prw", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same ACL as the main billing/claims workflow, so authenticated users without appropriate billing permissions can access this data. This vulnerability is fixed in 8.0.0.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T20:49:55.303Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32122", "state": "PUBLISHED", "dateUpdated": "2026-03-12T14:09:01.436Z", "dateReserved": "2026-03-10T22:19:36.544Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-11T20:48:26.510Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", "matchCriteriaId": "136D07EE-9108-423B-AD86-E9E901940C17", "versionEndExcluding": "8.0.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same ACL as the main billing/claims workflow, so authenticated users without appropriate billing permissions can access this data. This vulnerability is fixed in 8.0.0.1."}, {"lang": "es", "value": "OpenEMR es una aplicaci\u00f3n gratuita y de c\u00f3digo abierto de registros m\u00e9dicos electr\u00f3nicos y gesti\u00f3n de pr\u00e1ctica m\u00e9dica. Anterior a la 8.0.0.1, la funcionalidad de Seguimiento de Archivos de Reclamaciones expone un endpoint AJAX que devuelve metadatos de reclamaciones de facturaci\u00f3n (IDs de reclamaci\u00f3n, informaci\u00f3n del pagador, registros de transmisi\u00f3n). El endpoint no aplica la misma ACL que el flujo de trabajo principal de facturaci\u00f3n/reclamaciones, por lo que los usuarios autenticados sin los permisos de facturaci\u00f3n adecuados pueden acceder a estos datos. Esta vulnerabilidad se corrige en la 8.0.0.1."}], "id": "CVE-2026-32122", "lastModified": "2026-03-13T15:48:07.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-11T21:16:17.997", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/openemr/openemr/security/advisories/GHSA-rwf9-px3c-3prw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,8.0.0.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "openemr", "source": "cna", "vendor": "openemr"}, "product": "openemr", "vendor": "openemr"}], "analysis": {"en": {"generated_at": "2026-03-17T16:22:11.617937+00:00", "value": {"mitigation_remediation": ["Upgrade OpenEMR to version 8.0.0.1 or later"], "summary": {"action": "Immediate Patch", "impact": "Unauthorized access to sensitive claim data"}, "threat_synthesis": {"affected_systems": "The flaw exists in OpenEMR versions prior to 8.0.0.1. The affected product is OpenEMR from the vendor openemr. Any instance running a version earlier than 8.0.0.1 is vulnerable; upgrading to 8.0.0.1 or later secures the endpoint and restores proper ACL enforcement.", "description_and_impact": "The vulnerability in OpenEMR allows authenticated users who lack formal billing or claims workflow permissions to retrieve billing claim metadata through a dedicated AJAX endpoint. Because the endpoint does not enforce the same access\u2011control lists (ACLs) as the main billing and claims interface, an attacker can gain read\u2011only visibility to claim IDs, payer information, and transmission logs. This represents an unauthorized data disclosure and is identified as a CWE\u2011862 \"Missing Authorization in Sensitive Functionality\" weakness. The impact is the loss of confidentiality for claim information, potentially exposing protected health information to non\u2011privileged users.", "risk_and_exploitability": "The CVSS score for this vulnerability is 4.3, indicating a moderate severity. The EPSS score is below 1%, suggesting a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, further indicating limited known exploitation. Attack vector is authenticated: an attacker must already have legitimate system credentials but no billing privileges. The narrow scope of the data exposed and the need for legitimate authentication reduce the overall risk, yet the confidentiality breach remains a concern for healthcare compliance."}}}}, "created": "2026-03-12T09:55:55.296050+00:00", "updated": "2026-03-20T15:37:02.400356+00:00", "vendors": ["openemr", "openemr$PRODUCT$openemr"]}