PT-2026-28146 · Openemr · Openemr

Published: 2026-03-25 · Updated: 2026-03-26 · CVE-2026-33917

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenEMR versions prior to 8.0.0.3

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajax save page of the CAMOS form. The issue is caused by insufficient input validation in that page and can be exploited by authenticated attackers.

Recommendations

Update OpenEMR to version 8.0.0.3 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-33917
GHSA-R6XQ-MFWF-WGQ8

Affected Products

Openemr