{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T22:48:42.770","vulnerabilities":[{"cve":{"id":"CVE-2026-25146","sourceIdentifier":"security-advisories@github.com","published":"2026-03-03T22:16:28.603","lastModified":"2026-03-04T21:56:00.543","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary money movement or broad account takeover of payment gateway APIs. This vulnerability is fixed in 8.0.0."},{"lang":"es","value":"OpenEMR es una aplicación de gestión de prácticas médicas y registros de salud electrónicos de código abierto y gratuita. Desde la 5.0.2 hasta antes de la 8.0.0, existen (al menos) dos rutas donde el valor secreto gateway_api_key se muestra al cliente en texto plano. La filtración de estas claves secretas podría resultar en movimientos de dinero arbitrarios o una toma de control generalizada de cuentas de las API de pasarelas de pago. Esta vulnerabilidad está corregida en la 8.0.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.2","versionEndExcluding":"8.0.0","matchCriteriaId":"B6E2AAD5-565E-4CC3-B50A-8E767CC6B5D7"}]}]}],"references":[{"url":"https://github.com/openemr/openemr/blob/6a4e18c5ec73e0c755f6f65b28a9652aded1a58b/interface/patient_file/front_payment.php#L765","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/openemr/openemr/blob/6a4e18c5ec73e0c755f6f65b28a9652aded1a58b/portal/portal_payment.php#L537","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/openemr/openemr/commit/fe6341496dc82d5b4f5a3f35891bb2e2481f3b25","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openemr/openemr/security/advisories/GHSA-2hq8-wc73-jvvq","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}