CVE-2026-33910

Source
https://cve.org/CVERecord?id=CVE-2026-33910
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33910.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-33910
Aliases
  • GHSA-x32c-xj5g-7jx7
Published
2026-03-25T22:41:02.472Z
Modified
2026-04-10T05:42:57.530878Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
OpenEMR has a SQL Injection Vulnerability in patient selection
Details

OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the patient selection feature. Version 8.0.0.3 contains a patch.

Database specific
{
    "cwe_ids": [
        "CWE-89"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33910.json"
}
References

Affected packages

Git / github.com/openemr/openemr

Affected ranges

Type
GIT
Repo
https://github.com/openemr/openemr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.0.0.3"
        }
    ]
}

Affected versions

Other
v2_7_2
v2_7_2-rc1
v2_7_2-rc2
v2_7_3-rc1
v2_8_0
v2_8_1
v2_8_2
v2_8_3
v2_9_0
v3_0_0
v3_0_1
v8_0_0
v8_0_0_1
v8_0_0_2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33910.json"