High severity7.5NVD Advisory· Published May 5, 2026· Updated May 5, 2026

CVE-2023-54347

Description

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

Affected products

Openemr/Openemrreferences2 versions
(expand)+ 1 more
- (no CPE)
- cpe:2.3:a:open-emr:openemr:7.0.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/51413nvdExploitVDB Entry
www.vulncheck.com/advisories/openemr-authentication-brute-force-mitigation-bypassnvdThird Party Advisory
github.com/openemr/openemr/archive/refs/tags/v7_0_1.tar.gznvdProduct
www.open-emr.orgnvdProduct

News mentions

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
The Hacker News · May 4, 2026
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
The Hacker News · Apr 30, 2026
AI Finds 38 Security Flaws in Electronic Health Record Platform
Dark Reading · Apr 29, 2026

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000