CVE-2026-33910
CVE-2026-33910
7.2
HighPublished:
Last updated:
Source:security-advisories@github.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- High
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the patient selection feature. Version 8.0.0.3 contains a patch.
References
security-advisories@github.com
https://github.com/openemr/openemr/commit/73db3264aed253684532839380cae3b0a56c83d2security-advisories@github.com
https://github.com/openemr/openemr/releases/tag/v8_0_0_3security-advisories@github.com
https://github.com/openemr/openemr/security/advisories/GHSA-x32c-xj5g-7jx7