CVE-2026-25746HIGH 8.8EPSS p86.1%
CVE-2026-25746CVE-2026-25746
Description
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the prescription listing functionality. Version 8.0.0 fixes the vulnerability.
Scoring
| CVSS 3.1 | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| EPSS | 3.10% probability of exploitation · percentile 86.1% · 2026-06-18T12:00:27Z |
| Published | 2026-02-25 |
| Last modified | 2026-02-27 |
Underlying weaknesses· 1
References
- https://github.com/ChrisSub08/CVE-2026-25746_SqlInjectionVulnerabilityOpenEMR7.0.4
- https://github.com/openemr/openemr/blob/2b46e594b9dd665fb7f16c913ca07f5c6d54412b/library/classes/Controller.class.php#L77
- https://github.com/openemr/openemr/blob/9fa8db9f12d0b70985195b11b90f2dc564bd3b24/controller.php#L6
- https://github.com/openemr/openemr/blob/9fa8db9f12d0b70985195b11b90f2dc564bd3b24/controllers/C_Prescription.class.php#L180
- https://github.com/openemr/openemr/blob/9fa8db9f12d0b70985195b11b90f2dc564bd3b24/library/classes/Prescription.class.php#L1148
- https://github.com/openemr/openemr/commit/e230d3ef46425ffc96a37dc6369428aa37c88554
- https://github.com/openemr/openemr/security/advisories/GHSA-78r7-g65p-gpw3
1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')cwe-89 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.