CVE-2026-33910

Name of the Vulnerable Software and Affected Versions OpenEMR versions through 8.0.0.2

Description OpenEMR is an electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection issue in the patient selection feature. This is due to insufficient input validation. An authenticated attacker can exploit this. The vulnerable feature allows for SQL injection due to inadequate input sanitization.

Recommendations Update to version 8.0.0.3 or later.