CVE-2026-33909

MEDIUM NVD

CVSS Score 5.9

Severity MEDIUM

Published Mar 25, 2026

Vendor unknown

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL injection. Version 8.0.0.3 contains a patch.

References

https://github.com/openemr/openemr/commit/3d11d2fc1622147d4aa6fbca31a471e7402ffc65
https://github.com/openemr/openemr/releases/tag/v8_0_0_3
https://github.com/openemr/openemr/security/advisories/GHSA-6vx2-w9hw-prqj