CVE-2026-33910

HIGH NVD

CVSS Score 7.2

Severity HIGH

Published Mar 25, 2026

Vendor unknown

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the patient selection feature. Version 8.0.0.3 contains a patch.

References

https://github.com/openemr/openemr/commit/73db3264aed253684532839380cae3b0a56c83d2
https://github.com/openemr/openemr/releases/tag/v8_0_0_3
https://github.com/openemr/openemr/security/advisories/GHSA-x32c-xj5g-7jx7