OpenEMR versions 8.0.0 and below: Unauthorized Files Sent via Fax
CVE-2026-24488
Summary
A security issue in OpenEMR's fax feature allows any authenticated user to send sensitive files from the server, such as patient documents and database credentials, by fax to a phone number the attacker controls. This happens because the fax sending endpoint accepts file paths from user input without path restrictions or authorization checks. No fix is available yet, so update OpenEMR as soon as a patched version is released.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| open-emr | openemr | <= 8.0.0 | – |
Original description
OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, an arbitrary file exfiltration vulnerability in the fax sending endpoint allows any authenticated user to read and transmit any file on the server (including database credentials, patient documents, system files, and source code) via fax to an attacker-controlled phone number. The vulnerability exists because the endpoint accepts arbitrary file paths from user input and streams them to the fax gateway without path restrictions or authorization checks. As of time of publication, no known patched versions are available.
CVSS 3.1 (NVD): 6.5
Vulnerability type
CWE-22: Path Traversal
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026