CVE-2026-32127HIGH 8.8EPSS p24.3%

CVE-2026-32127CVE-2026-32127

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax graphs library. This vulnerability is fixed in 8.0.0.1.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.33% probability of exploitation · percentile 24.3% · 2026-06-18T12:00:27Z
Published2026-03-11
Last modified2026-03-13

Underlying weaknesses· 1

CWE-89

References

  1. https://github.com/openemr/openemr/security/advisories/GHSA-v8q6-h79f-736x

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')cwe-890%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-23627
CVE
CVE-2026-33910
CVE
CVE-2026-29187
CVE
CVE-2026-25746
CVE
CVE-2026-33917
CVE
CVE-2026-32118
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.