CVE-2026-32127
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax graphs library. This vulnerability is fixed in 8.0.0.1.
Analysis
OpenEMR versions prior to 8.0.0.1 contain a SQL injection vulnerability in the ajax graphs library that allows authenticated users to execute arbitrary database queries, potentially leading to complete compromise of patient health records and system data. The vulnerability stems from insufficient input validation and requires valid credentials to exploit, but poses a critical risk given the sensitive nature of healthcare data stored in OpenEMR systems. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all OpenEMR deployments and their versions; assess network exposure and implement emergency access controls. Within 7 days: Deploy Web Application Firewall (WAF) rules to block SQL injection patterns; implement database activity monitoring; restrict OpenEMR administrative access to trusted networks only. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today