CVE-2026-25146 · HIGH 8.1 · EPSS percentile 35.3%

Description

OpenEMR is a free and open source electronic health records and medical practice management application. In versions from 5.0.2 up to, but not including, 8.0.0, there are at least two code paths where the gateway_api_key secret is rendered to the client in plaintext: interface/patient_file/front_payment.php and portal/portal_payment.php (see References). A leaked gateway secret could allow arbitrary money movement or broad account takeover against the payment gateway's APIs. The vulnerability is fixed in 8.0.0.
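To verify whether a deployment still exposes the key, the following added example (not OpenEMR code) scans captured page bodies for the configured secret in its raw, HTML-escaped, JSON-escaped and URL-encoded spellings; a naive substring search misses a key that was passed through an output encoder before being written into a hidden field, a link or an inline script. The secret value and the two page bodies are constructed for the demo, and the dictionary keys are the two affected file paths from the references. In practice you would log in, fetch those two pages, and pass the response text to check_pages().

```python
"""Scan rendered page bodies for a server-side gateway secret.

Added example for CVE-2026-25146; this is not OpenEMR code. The secret
value and the page bodies below are constructed for the demo. In practice,
fetch the affected pages as a logged-in user and pass the response text
to check_pages().
"""
import html
import json
import urllib.parse


def encoded_forms(secret: str) -> dict[str, str]:
    """Map each distinct encoded spelling of `secret` to its encoder name.

    A secret that went through htmlspecialchars(), json_encode() or
    urlencode() on its way into the page is still fully recoverable by the
    client, so every spelling counts as a leak. Spellings that coincide
    (e.g. JSON of a plain ASCII key equals the raw key) collapse onto the
    first name.
    """
    candidates = [
        ("raw", secret),
        ("html", html.escape(secret, quote=True)),
        ("json", json.dumps(secret)[1:-1]),  # strip the surrounding quotes
        ("url", urllib.parse.quote(secret, safe="")),
    ]
    forms: dict[str, str] = {}
    for name, spelling in candidates:
        forms.setdefault(spelling, name)
    return forms


def find_secret(body: str, secret: str) -> list[tuple[int, str, str]]:
    """Return (line_number, encoding, stripped line) for every leak in `body`."""
    if not secret:
        raise ValueError("refusing to scan for an empty secret")
    forms = encoded_forms(secret)
    hits = []
    for lineno, line in enumerate(body.splitlines(), start=1):
        for spelling, name in forms.items():
            if spelling in line:
                hits.append((lineno, name, line.strip()))
    return hits


def check_pages(pages: dict[str, str], secret: str) -> dict[str, list]:
    """Scan several pages (path -> body) and return only the paths that leak."""
    report = {}
    for path, body in pages.items():
        hits = find_secret(body, secret)
        if hits:
            report[path] = hits
    return report


# Hypothetical secret, chosen with characters that encode differently so the
# HTML and URL spellings diverge from the raw one.
SECRET = "g4t3way&key/<demo>"

# Constructed body in the style of the vulnerable pattern: the server-side
# secret is interpolated into a hidden field, a link and an inline script.
LEAKING_BODY = """<html><body>
<form id="payment">
<input type="hidden" name="gateway_key" value="g4t3way&amp;key/&lt;demo&gt;">
<a href="/gateway/status?key=g4t3way%26key%2F%3Cdemo%3E">check status</a>
</form>
<script>var gatewayCfg = {"key": "g4t3way&key/<demo>"};</script>
</body></html>"""

# Constructed body in the style of the fixed pattern: the client only gets an
# opaque per-session reference, and the gateway call is made server-side.
FIXED_BODY = """<html><body>
<form id="payment" action="/payment/charge" method="post">
<input type="hidden" name="payment_session" value="2f9c0a6e">
<button type="submit">Pay</button>
</form>
</body></html>"""

# Keys are the two affected paths from the advisory references.
PAGES = {
    "interface/patient_file/front_payment.php": LEAKING_BODY,
    "portal/portal_payment.php": FIXED_BODY,
}

if __name__ == "__main__":
    for path, hits in check_pages(PAGES, SECRET).items():
        print(f"LEAK in {path}:")
        for lineno, enc, line in hits:
            print(f"  line {lineno} ({enc}): {line}")
```

Run it against real responses by replacing the two constructed bodies with the text of the fetched pages; any non-empty report means the secret is still reaching the browser and the instance should be upgraded to 8.0.0 and the gateway key rotated, since anyone who loaded those pages may already hold it.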

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.44% probability of exploitation · percentile 35.3% · 2026-06-18T12:00:27Z
Published: 2026-03-03
Last modified: 2026-03-04

Underlying weaknesses (1)

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

References

  1. https://github.com/openemr/openemr/blob/6a4e18c5ec73e0c755f6f65b28a9652aded1a58b/interface/patient_file/front_payment.php#L765
  2. https://github.com/openemr/openemr/blob/6a4e18c5ec73e0c755f6f65b28a9652aded1a58b/portal/portal_payment.php#L537
  3. https://github.com/openemr/openemr/commit/fe6341496dc82d5b4f5a3f35891bb2e2481f3b25
  4. https://github.com/openemr/openemr/security/advisories/GHSA-2hq8-wc73-jvvq

Type | Target | Confidence | Tier
Weakness | Exposure of Sensitive Information to an Unauthorized Actor (cwe-200) | 0% | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-25164
  2. CVE-2026-33346
  3. CVE-2026-24898
  4. CVE-2026-25131
  5. CVE-2026-32127
  6. CVE-2026-25746
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.