CVE-2026-24896 – OpenEMR has Broken Access Control that allows unauthorized access to EDI Logs

CVE ID : CVE-2026-24896

Published : Feb. 25, 2026, 2:16 a.m. | 50 minutes ago

Description : OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edih_main.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to access EDI log files by manipulating the log_select parameter in a GET request. The back-end fails to enforce role-based access control (RBAC), allowing sensitive system logs to be accessed outside the GUI-enforced permission boundaries. Version 8.0.0 fixes the issue.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2026-24896 – OpenEMR has Broken Access Control that allows unauthorized access to EDI Logs

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2026-25785 – Lanscope Endpoint Manager (On-Premises) Path Traversal Remote Code Execution

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2026-3166 – Tenda F453 httpd RouteStatic fromRouteStatic buffer overflow

CVE-2026-3179 – A path traversal vulnerability was found in the FTP Backup on the ADM.

CVE-2026-3165 – Tenda F453 httpd AdvSetWrlsafeset fromSetWifiGusetBasic buffer overflow

CVE-2026-3164 – itsourcecode News Portal Project contactus.php sql injection