{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T07:30:09.331","vulnerabilities":[{"cve":{"id":"CVE-2026-33304","sourceIdentifier":"security-advisories@github.com","published":"2026-03-19T21:17:11.700","lastModified":"2026-03-20T15:06:16.093","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging to other users, including associated patient names and free-text message content, by crafting a GET request with arbitrary user IDs in the `sentTo[]` or `sentBy[]` parameters. Version 8.0.0.2 fixes the issue."},{"lang":"es","value":"OpenEMR es una aplicación de código abierto y gratuita para registros de salud electrónicos y gestión de consultorios médicos. Antes de la versión 8.0.0.2, una omisión de autorización en el registro de recordatorios fechados permite a cualquier usuario autenticado no administrador ver mensajes de recordatorio pertenecientes a otros usuarios, incluyendo nombres de pacientes asociados y contenido de mensajes de texto libre, al elaborar una solicitud GET con IDs de usuario arbitrarios en los parámetros 'sentTo[]' o 'sentBy[]'. \nLa versión 8.0.0.2 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*","versionEndExcluding":"8.0.0.2","matchCriteriaId":"C78F19AD-BD18-4F61-8B1C-DD099DBC6D34"}]}]}],"references":[{"url":"https://github.com/openemr/openemr/commit/21dee7658a5f3b18c5750e3fae7324e875c1703a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openemr/openemr/security/advisories/GHSA-66j9-ffq4-h222","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}