What is the CVSS score of CVE-2026-33917?

CVE-2026-33917 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Openemr are affected by CVE-2026-33917?

OpenEMR deployments running versions prior to 8.0.0.3 contain a SQL injection vulnerability in the CAMOS form module that allows low-privilege authenticated users to execute arbitrary database…

How to fix or mitigate CVE-2026-33917?

Within 24 hours: inventory all OpenEMR instances and confirm running versions; identify systems below 8.0.0.3 and restrict CAMOS form access to administrative users only pending patching. Within 7 days: apply vendor patch to upgrade all affected OpenEMR instances to version 8.0.0.3 or later; validate patches in non-production environments first. Within 30 days: conduct audit of CAMOS form usage logs for the past 90 days to detect any unauthorized SQL activity; review database access controls and user privilege assignments.

Openemr CVE-2026-33917

HIGH

SQL Injection (CWE-89)

2026-03-25 GitHub_M

Openemr SQLi PHP

8.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 25, 2026 - 23:47 vuln.today

CVE Published

Mar 25, 2026 - 23:31 nvd

HIGH 8.8

DescriptionGitHub Advisory

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax_save page in the CAMOS form. Version 8.0.0.3 patches the issue.

AnalysisAI

SQL injection in OpenEMR versions prior to 8.0.0.3 enables authenticated attackers to execute arbitrary SQL commands through the CAMOS form's ajax_save functionality, potentially leading to complete database compromise including extraction of sensitive health records, data modification, and service disruption. The vulnerability requires low-privilege authentication (PR:L) with no user interaction (UI:N) and is network-exploitable (AV:N), though EPSS assigns only 0.03% (8th percentile) exploitation probability and no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to OpenEMR instance

Delivery

Submit crafted SQL payload via ajax_save CAMOS form

Exploit

Bypass input validation in form processor

Execution

Execute arbitrary SQL queries

Impact

Extract or modify sensitive health records

Access

Authenticate to OpenEMR instance

Delivery

Submit crafted SQL payload via ajax_save CAMOS form

Exploit

Bypass input validation in form processor

Execution

Execute arbitrary SQL queries

Impact

Extract or modify sensitive health records

Vulnerability AssessmentAI

Exploitation	Requires authenticated user account in OpenEMR versions prior to 8.0.0.3. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS v3.1 score of 8.8 (High) reflects significant technical impact with network attack vector (AV:N), low complexity (AC:L), and high impact to confidentiality, integrity, and availability (C:H/I:H/A:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An authenticated attacker with low-privilege credentials (such as a standard clinical user account) accesses the OpenEMR CAMOS form interface and intercepts the ajax_save request. By injecting malicious SQL syntax into vulnerable form parameters, the attacker executes arbitrary database queries to extract the entire patient database containing protected health information (PHI), modify medical records to alter treatment documentation, or delete critical data causing service disruption. …
Remediation	Upgrade OpenEMR to version 8.0.0.3 or later, which contains the fix for this SQL injection vulnerability as documented in the release notes at https://github.com/openemr/openemr/releases/tag/v8_0_0_3. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all OpenEMR instances and confirm running versions; identify systems below 8.0.0.3 and restrict CAMOS form access to administrative users only pending patching. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-33917 vulnerability details – vuln.today

Back

Openemr CVE-2026-33917

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code