VYPR
Unrated severityNVD Advisory· Published Mar 25, 2026· Updated Mar 26, 2026

OpenEMR Missing Authorization in Procedure Order AJAX Deletion Handler

CVE-2026-34053

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint interface/forms/procedure_order/handle_deletions.php allows any authenticated user, regardless of role, to irreversibly delete procedure orders, answers, and specimens belonging to any patient in the system. Version 8.0.0.3 patches the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Openemr/Openemrllm-fuzzy2 versions
    <8.0.0.3+ 1 more
    • (no CPE)range: <8.0.0.3
    • (no CPE)range: < 8.0.0.3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.