{"id":77927,"date":"2026-02-25T05:46:22","date_gmt":"2026-02-25T02:16:22","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-24849-openemr-arbitrary-file-read-vulnerability\/"},"modified":"2026-02-25T05:46:22","modified_gmt":"2026-02-25T02:16:22","slug":"cve-2026-24849-openemr-arbitrary-file-read-vulnerability","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-24849-openemr-arbitrary-file-read-vulnerability\/","title":{"rendered":"CVE-2026-24849 &#8211; OpenEMR Arbitrary File Read Vulnerability"},"content":{"rendered":"<p>CVE ID : CVE-2026-24849<\/p>\n<p>Published :  Feb. 25, 2026, 2:16 a.m. | 50\u00a0minutes ago<\/p>\n<p>Description : OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, the\u00a0`disposeDocument()`\u00a0method in\u00a0`EtherFaxActions.php`\u00a0allows authenticated users to read arbitrary files from the server filesystem. Any authenticated user (regardless of privilege level) can exploit this vulnerability to read sensitive files. Version 7.0.4 patches the issue.<\/p>\n<p>Severity: 9.9 | CRITICAL<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2026-24849 Published : Feb. 25, 2026, 2:16 a.m. | 50\u00a0minutes ago Description : OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, the\u00a0`disposeDocument()`\u00a0method in\u00a0`EtherFaxActions.php`\u00a0allows authenticated users to read arbitrary files from the server filesystem. Any authenticated user (regardless of privilege level) can &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-77927","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/77927","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=77927"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/77927\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=77927"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=77927"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=77927"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}