Platform
php
Component
openemr
Fixed in
7.0.5
CVE-2026-24849 describes an Arbitrary File Access vulnerability affecting OpenEMR versions up to 7.0.4. This flaw allows authenticated users to read sensitive files from the server's filesystem, potentially leading to data breaches and unauthorized access. The vulnerability resides in the disposeDocument() method within EtherFaxActions.php. A patch is available in version 7.0.4.
An attacker exploiting this vulnerability can leverage their authenticated user account to read any file accessible by the web server process. This includes configuration files, database credentials, patient records, and other sensitive data. The impact is significant, as it allows for complete exposure of the server's filesystem to a privileged user. Successful exploitation could lead to data exfiltration, system compromise, and regulatory non-compliance, particularly concerning protected health information (PHI). This vulnerability shares similarities with other file access vulnerabilities where improper input validation allows attackers to manipulate file paths.
CVE-2026-24849 was publicly disclosed on 2026-02-25. The vulnerability's criticality (CVSS 10) indicates a high probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but the ease of exploitation given authenticated access suggests one is likely to be developed. It is not currently listed on CISA KEV.
Healthcare providers and organizations utilizing OpenEMR, particularly those with legacy configurations or shared hosting environments, are at significant risk. Any deployment where user authentication is in place and file system permissions are not strictly controlled is vulnerable. Organizations relying on OpenEMR to manage sensitive patient data are especially at risk due to potential HIPAA violations.
• php / server:
  grep -n 'disposeDocument()' /var/www/openemr/src/classes/EtherFaxActions.php
• generic web:
  curl -I 'http://<openemr_server>/openemr/EtherFaxActions.php?disposeDocument=../../../../etc/passwd'
• linux / server:
  journalctl -u apache2 -f | grep 'disposeDocument'
Exploit Status
EPSS
0.01% (percentile 1%)
CISA SSVC
CVSS Vector
The primary mitigation is to immediately upgrade OpenEMR to version 7.0.4 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict file system permissions for the web server user to the absolute minimum required for OpenEMR operation. Implement a Web Application Firewall (WAF) with rules to block requests containing suspicious file paths or attempts to access files outside of designated directories. Monitor access logs for unusual file access patterns, particularly requests targeting sensitive file extensions or locations. After upgrading, confirm the fix by attempting to access a known sensitive file via the vulnerable endpoint – access should be denied.
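As an added example of the log monitoring suggested above (not code from the advisory or from the OpenEMR project), the following flags access-log requests to the affected endpoint whose parameter values contain traversal sequences, absolute paths or sensitive locations, decoding repeatedly so that URL-encoded and double-encoded variants are caught. The endpoint name and parameter follow the probe command shown on this page; the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed Apache combined-format access-log lines; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - alice [25/Feb/2026:10:01:02 +0000] "GET /openemr/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - bob [25/Feb/2026:10:02:15 +0000] "GET /openemr/EtherFaxActions.php?disposeDocument=../../../../etc/passwd HTTP/1.1" 200 1834 "-" "curl/8.4"
10.0.0.7 - bob [25/Feb/2026:10:02:40 +0000] "GET /openemr/EtherFaxActions.php?disposeDocument=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1834 "-" "curl/8.4"
10.0.0.9 - carol [25/Feb/2026:10:03:01 +0000] "GET /openemr/EtherFaxActions.php?disposeDocument=fax_20260225.pdf HTTP/1.1" 200 44 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: endpoint name as it appears in the advisory's probe command.
ENDPOINT = "EtherFaxActions.php"
# Generic locations that a document handler should never be asked to open.
SENSITIVE = ("/etc/", "/proc/", ".env", ".pem")


def normalize(value: str) -> str:
    """Percent-decode until stable (defeats double encoding), unify separators."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value.replace("\\", "/")


def is_traversal_attempt(target: str) -> bool:
    """True if a request to the endpoint carries a traversal-like parameter value."""
    path, _, query = target.partition("?")
    if not path.endswith(ENDPOINT):
        return False
    for values in parse_qs(query, keep_blank_values=True).values():
        for raw in values:
            v = normalize(raw)
            if "../" in v or v.startswith("/") or any(s in v for s in SENSITIVE):
                return True
    return False


def flag_suspicious(log_text: str) -> list:
    """Return (user, ip, status, target) for each suspicious request in the log."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_attempt(m["target"]):
            # A 200 status on such a request means the read likely succeeded.
            hits.append((m["user"], m["ip"], m["status"], m["target"]))
    return hits
```

Run `flag_suspicious(SAMPLE_LOG)` to see the two traversal requests by `bob` reported; the legitimate document name from `carol` is not flagged.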
Upgrade OpenEMR to version 7.0.4 or later. This version contains the security fix that prevents arbitrary file reads. Taking a backup before upgrading is recommended.
CVE-2026-24849 is a critical vulnerability in OpenEMR versions 7.0.4 and earlier, allowing authenticated users to read arbitrary files from the server's filesystem.
You are affected if you are running OpenEMR versions 7.0.4 or earlier. Verify your version and upgrade immediately.
Upgrade OpenEMR to version 7.0.4 or later. Implement temporary workarounds like restricting file system permissions and using a WAF if immediate upgrade is not possible.
While no public exploits are currently known, the vulnerability's criticality and ease of exploitation suggest it is likely to be targeted.
Refer to the OpenEMR security advisory page for the latest information and updates regarding CVE-2026-24849: [https://openemr.org/security/](https://openemr.org/security/)