CVE-2026-25928

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-25928
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25928.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-25928
Aliases
  • GHSA-rppw-f689-6hrm
Published
2026-03-19T19:27:17.018Z
Modified
2026-04-10T05:40:50.052407Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
OpenEMR Vulnerable to Path Traversal When Zipping DICOM Folders
Details

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences (e.g. ../). An attacker with DICOM upload/export permission can write files outside the intended directory, potentially under the web root, leading to arbitrary file write and possibly remote code execution if PHP or other executable files can be written. Version 8.0.0.2 fixes the issue.

Database specific 
{
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25928.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/openemr/openemr

Affected ranges

Type
GIT
Repo
https://github.com/openemr/openemr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d7ddb2dcb11332944c1e193ae0ac32eabe439f7c

Affected versions

Other
v2_7_2
v2_7_2-rc1
v2_7_2-rc2
v2_7_3-rc1
v2_8_0
v2_8_1
v2_8_2
v2_8_3
v2_9_0
v3_0_0
v3_0_1
v8_0_0
v8_0_0_1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25928.json"