6.1

OpenEMR: Unrestricted Redirect to External Websites

CVE-2026-24847
Summary

OpenEMR's Eye Exam form module in versions prior to 8.0.0 allows any authenticated user to be redirected to any website. This makes it possible for attackers to trick healthcare providers into giving away sensitive information. Update to version 8.0.0 or later to fix the issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| open-emr | openemr | <= 8.0.0 | – |
Original title
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Eye Exam form module allows any authenticated user to be redirec...
Original description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Eye Exam form module allows any authenticated user to be redirected to an arbitrary external URL. This can be exploited for phishing attacks against healthcare providers using OpenEMR. Version 8.0.0 fixes the issue.
NVD CVSS 3.1 score: 6.1
Vulnerability type
CWE-601 Open Redirect
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026