CVE-2026-33910

high

Description

OpenEMR is a free and open-source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature, caused by insufficient input validation, that can be exploited by authenticated attackers. Version 8.0.0.3 contains a patch.

References

https://github.com/openemr/openemr/security/advisories/GHSA-x32c-xj5g-7jx7

https://github.com/openemr/openemr/releases/tag/v8_0_0_3

https://github.com/openemr/openemr/commit/73db3264aed253684532839380cae3b0a56c83d2

Details

Source: Mitre, NVD

Published: 2026-03-25

Updated: 2026-03-26

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00027