PT-2026-28138 · Openemr · Openemr

Published: 2026-03-25 · Updated: 2026-03-26 · CVE-2026-33909

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0.3

Description: OpenEMR is an electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a flaw in the MedEx recall/reminder processing code: variables are included directly in SQL queries without proper sanitization, which allows potential SQL injection. The vulnerable code concatenates these variables into the SQL query strings instead of using parameterized queries or casting them to the expected type.

Recommendations: Update to version 8.0.0.3 or later.

Weakness Enumeration

SQL injection

Related Identifiers

CVE-2026-33909
GHSA-6VX2-W9HW-PRQJ

Affected Products

Openemr