PT-2026-26288 · Openemr · Openemr

Christophe Sublet

Publicado

2026-03-19

Atualizado

2026-03-25

CVE-2026-32238

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0.2

Description OpenEMR is a free and open source electronic health records and medical practice management application. A command injection issue exists in the backup functionality due to insufficient input validation. This allows authenticated attackers to potentially compromise the system. The vulnerability allows for remote code execution.

Recommendations Upgrade to version 8.0.0.2 to resolve the issue.

Exploit

Correção

RCE

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

BDU:2026-05089

CVE-2026-32238

GHSA-6PMC-3XM7-PM86

Produtos afetados

Openemr

PT-2026-26288 · Openemr · Openemr

CVE-2026-32238

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13