{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T00:19:45.440","vulnerabilities":[{"cve":{"id":"CVE-2026-27943","sourceIdentifier":"security-advisories@github.com","published":"2026-02-26T02:16:22.547","lastModified":"2026-02-27T14:51:27.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam (eye_mag) view loads data by `form_id` (or equivalent) without verifying that the form belongs to the current user’s patient/encounter context. An authenticated user can access or edit any patient’s eye exam by supplying another form ID; in some flows the session’s active patient may also be switched. A fix is available on the `main` branch of the OpenEMR GitHub repository."},{"lang":"es","value":"OpenEMR es una aplicación de gestión de la práctica médica y de registros de salud electrónicos de código abierto y gratuita. En versiones hasta la 8.0.0 inclusive, la vista del examen ocular (eye_mag) carga datos por 'form_id' (o equivalente) sin verificar que el formulario pertenece al contexto de paciente/encuentro del usuario actual. Un usuario autenticado puede acceder o editar el examen ocular de cualquier paciente al proporcionar otro ID de formulario; en algunos flujos, el paciente activo de la sesión también puede ser cambiado. \nUna solución está disponible en la rama 'main' del repositorio de GitHub de OpenEMR."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.0","matchCriteriaId":"1D995E4F-C6E0-47AC-9F5A-4E828BA9A292"}]}]}],"references":[{"url":"https://github.com/openemr/openemr/commit/c87489bf63f2701b634d948279e104f2ed3df1c0","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openemr/openemr/security/advisories/GHSA-q96x-qw99-6xq9","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}