PT-2026-49167 · Medkey · Medkey

Onyxglitch · Published 2026-06-15 · Updated 2026-06-15 · CVE-2026-12207

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: medkey-org medkey versions up to fc09b7ba9441ff590b72d428d5380834216b09ed

Description: An issue in the HTTP REST API component allows remote attackers to manipulate the ID argument within the actionGetPatientById() function of the appmodulesmedicalportrestcontrollersPatientController.php file. This leads to improper control of resource identifiers, also known as resource injection, where an application does not sufficiently validate the identifiers used to access resources.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2026-12207

Affected Products

Medkey