CVSS score: 7.1

OpenEMR <= 8.0.0.2: Unauthorized Users Can Delete Patient Data

CVE-2026-34053
Summary

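In OpenEMR versions prior to 8.0.0.3, any authenticated user, regardless of role, can irreversibly delete procedure orders, answers, and specimens belonging to any patient in the system, because the AJAX deletion endpoint does not check authorization. This can lead to permanent loss of patient information. Users should update to the latest version; version 8.0.0.3 patches the issue.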

Original description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint `interface/forms/procedure_order/handle_deletions.php` allows any authenticated user, regardless of role, to irreversibly delete procedure orders, answers, and specimens belonging to any patient in the system. Version 8.0.0.3 patches the issue.
NVD CVSS 3.1 score: 7.1
Vulnerability type
CWE-862 Missing Authorization
Published: 26 Mar 2026 · Updated: 26 Mar 2026 · First seen: 26 Mar 2026