CVE-2026-33910HIGH 8.8EPSS p34.0%

CVE-2026-33910CVE-2026-33910

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the patient selection feature. Version 8.0.0.3 contains a patch.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.43% probability of exploitation · percentile 34.0% · 2026-06-19T12:03:05Z
Published2026-03-25
Last modified2026-03-26

Underlying weaknesses· 1

CWE-89

References

  1. https://github.com/openemr/openemr/commit/73db3264aed253684532839380cae3b0a56c83d2
  2. https://github.com/openemr/openemr/releases/tag/v8_0_0_3
  3. https://github.com/openemr/openemr/security/advisories/GHSA-x32c-xj5g-7jx7

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')cwe-890%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-23627
CVE
CVE-2026-25746
CVE
CVE-2026-33917
CVE
CVE-2026-29187
CVE
CVE-2026-32127
CVE
CVE-2026-32238
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.