OpenEMR Secure Messaging Link Handling Vulnerability Allowing Phishing

Vulnerability

A vulnerability in OpenEMR prior to version 7.0.4 allows links sent via Secure Messaging to be opened within the OpenEMR/Portal site. This behavior can be exploited for phishing attacks. The issue has been patched in version 7.0.4.

Impact

Exploitation of this vulnerability could lead to successful phishing attempts, as it allows malicious links to be opened within the context of the OpenEMR application.

Reproduction

The vulnerability can be reproduced by sending a link through the Secure Messaging feature in OpenEMR version 7.0.3. When the link is clicked, it opens within the OpenEMR application instead of an external browser, potentially leading to a phishing scenario.

Remediation

Users can upgrade to OpenEMR version 7.0.4 to address this vulnerability.

Added: Feb 25, 2026, 2:24 AM
Updated: Feb 25, 2026, 2:24 AM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 1.7
exploitability: 5.5
remediation: 7.7
relevance: 3.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.