PT-2026-28140 · Openemr · Openemr

Published

2026-03-25

Updated

2026-03-26

CVE-2026-33910

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenEMR versions through 8.0.0.2

Description OpenEMR is an electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection issue in the patient selection feature. This is due to insufficient input validation. An authenticated attacker can exploit this. The vulnerable feature allows for SQL injection due to inadequate input sanitization.

Recommendations Update to version 8.0.0.3 or later.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2026-33910

GHSA-X32C-XJ5G-7JX7

Affected Products

Openemr

PT-2026-28140 · Openemr · Openemr

CVE-2026-33910

Weakness Enumeration

Related Identifiers

Affected Products

References · 7