PT-2026-26288 · Openemr · Openemr

Christophe Sublet

Published

2026-03-19

Updated

2026-03-25

CVE-2026-32238

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0.2

Description OpenEMR is a free and open source electronic health records and medical practice management application. A command injection issue exists in the backup functionality due to insufficient input validation. This allows authenticated attackers to potentially compromise the system. The vulnerability allows for remote code execution.

Recommendations Upgrade to version 8.0.0.2 to resolve the issue.

Exploit

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2026-05089

CVE-2026-32238

GHSA-6PMC-3XM7-PM86

Affected Products

Openemr

PT-2026-26288 · Openemr · Openemr

CVE-2026-32238

Weakness Enumeration

Related Identifiers

Affected Products

References · 13