{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T10:43:26.412","vulnerabilities":[{"cve":{"id":"CVE-2026-25476","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T19:43:22.157","lastModified":"2026-02-28T00:42:46.193","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in `library/auth.inc.php` runs only when `skip_timeout_reset` is not present in the request. When `skip_timeout_reset=1` is sent, the entire block that calls `SessionTracker::isSessionExpired()` and forces logout on timeout is skipped. As a result, any request that includes this parameter (e.g. from auto-refresh pages like the Patient Flow Board) never runs the expiration check: expired sessions can continue to access data indefinitely, abandoned workstations stay active, and an attacker with a stolen session cookie can keep sending `skip_timeout_reset=1` to avoid being logged out. Version 8.0.0 fixes the issue."},{"lang":"es","value":"OpenEMR es una aplicación de gestión de registros de salud electrónicos y práctica médica de código abierto y gratuita. Antes de la versión 8.0.0, la verificación de expiración de la sesión en `library/auth.inc.php` se ejecuta solo cuando `skip_timeout_reset` no está presente en la solicitud. Cuando se envía `skip_timeout_reset=1`, se omite todo el bloque que llama a `SessionTracker::isSessionExpired()` y fuerza el cierre de sesión por tiempo de espera. Como resultado, cualquier solicitud que incluya este parámetro (por ejemplo, de páginas de actualización automática como el Panel de Flujo de Pacientes) nunca ejecuta la verificación de expiración: las sesiones expiradas pueden continuar accediendo a los datos indefinidamente, las estaciones de trabajo abandonadas permanecen activas, y un atacante con una cookie de sesión robada puede seguir enviando `skip_timeout_reset=1` para evitar ser desconectado. La versión 8.0.0 soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*","versionEndExcluding":"8.0.0","matchCriteriaId":"FEAA9896-A42E-437C-BEE8-8DA955E34385"}]}]}],"references":[{"url":"https://github.com/openemr/openemr/commit/02a6a7793402b10356a94626d78e0e1069e92a77","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openemr/openemr/security/advisories/GHSA-gx7q-6fhr-5h33","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/openemr/openemr/security/advisories/GHSA-gx7q-6fhr-5h33","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}