CVE-2026-24849 CRITICAL

CVE-2026-24849: OpenEMR Arbitrary File Read Vulnerability

Vendor Openemr
Product openemr
Weakness CWE-22 · Path traversal
Published February 25, 2026
Last update February 25, 2026

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, the `disposeDocument()` method in `EtherFaxActions.php` allows authenticated users to read arbitrary files from the server filesystem. Any authenticated user (regardless of privilege level) can exploit this vulnerability to read sensitive files. Version 7.0.4 patches the issue.

Key dates

02 Disclosure timeline

February 25, 2026 CVE published
February 25, 2026 Record updated