PT-2026-21970 · Openemr · Openemr

Pavelkohout396


Published: 2026-02-25 · Updated: 2026-02-27 · CVE-2026-23627

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0
Description: OpenEMR is an electronic health records and medical practice management application. A flaw exists in the Immunization module where user-supplied patient id values are directly incorporated into SQL queries without proper sanitization. This allows any authenticated user to execute arbitrary SQL queries, potentially leading to database compromise, unauthorized access to protected health information (PHI), credential theft, and remote code execution.
Recommendations: Update to version 8.0.0 or later.
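The defect class described above (an untrusted patient id spliced into SQL text) and its fix (type validation plus a bound parameter) can be shown side by side. The following is an added example written for this entry; it is not OpenEMR's code, the `immunizations` table, its columns and the sample rows are constructed stand-ins for the real schema, and Python with an in-memory SQLite database stands in for OpenEMR's PHP/MySQL stack.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions, not OpenEMR's schema.
SAMPLE_ROWS = [
    (1, 101, "MMR"),
    (2, 102, "Tdap"),
    (3, 103, "HepB"),
]


def make_db():
    """Build a throwaway in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE immunizations (id INTEGER, pid INTEGER, vaccine TEXT)")
    conn.executemany("INSERT INTO immunizations VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_lookup(conn, pid):
    """CWE-89 pattern: the request value becomes part of the SQL text itself.

    Any characters in `pid` are interpreted as SQL, so the WHERE clause no longer
    constrains the result to one patient.
    """
    sql = "SELECT id, pid, vaccine FROM immunizations WHERE pid = " + str(pid)
    return conn.execute(sql).fetchall()


def safe_lookup(conn, pid):
    """Hardened form: reject anything that is not an integer, then bind the value.

    int() raises ValueError on non-numeric input, and the driver sends the bound
    parameter separately from the query text, so it can never alter the statement.
    """
    pid = int(pid)
    sql = "SELECT id, pid, vaccine FROM immunizations WHERE pid = ?"
    return conn.execute(sql, (pid,)).fetchall()


def compare(pid):
    """Return how many rows each variant yields for the same request value.

    The safe variant reports -1 when it refuses the input outright.
    """
    conn = make_db()
    vulnerable_count = len(vulnerable_lookup(conn, pid))
    try:
        safe_count = len(safe_lookup(conn, pid))
    except ValueError:
        safe_count = -1
    conn.close()
    return {"vulnerable": vulnerable_count, "safe": safe_count}


if __name__ == "__main__":
    # A well-formed id: both variants return exactly the one patient's row.
    print(compare("101"))
    # A malformed id: the concatenating variant returns every patient's row,
    # the validating/binding variant refuses the request.
    print(compare("101 OR 1=1"))
```

The second call is the observable difference a code reviewer or detection rule cares about: a single-patient lookup that returns the whole table. Validating the type before the query is defence in depth; the parameter binding alone is already sufficient to close the injection.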

Tags: Exploit · Fix · RCE · SQL injection

Weakness Enumeration

Related Identifiers: CVE-2026-23627, GHSA-X3HW-RWRG-V25H

Affected Products: Openemr