Skip to main content

Bahmnicore

1 CVEs product

Monthly

CVE-2026-15477 LOW PATCH Monitor

SQL injection in Bahmni bahmnicore up to version 0.93 allows low-privileged authenticated remote attackers to manipulate backend database queries via the additionalParams argument at the /openmrs/ws/rest/v1/bahmnicore/sql Search Endpoint. Public exploit code exists (confirmed by E:P in CVSS 4.0 supplemental metrics and the CVE description), lowering the bar for exploitation to any user with valid application credentials. Fixed versions spanning all active release branches (0.93.1 through 2.0.1) were released July 2026, and organizations running affected versions in healthcare environments should prioritize patching given the sensitivity of stored patient and clinical data.

SQLi Bahmnicore
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.4%
EPSS 0% CVSS 2.1
LOW PATCH Monitor

SQL injection in Bahmni bahmnicore up to version 0.93 allows low-privileged authenticated remote attackers to manipulate backend database queries via the additionalParams argument at the /openmrs/ws/rest/v1/bahmnicore/sql Search Endpoint. Public exploit code exists (confirmed by E:P in CVSS 4.0 supplemental metrics and the CVE description), lowering the bar for exploitation to any user with valid application credentials. Fixed versions spanning all active release branches (0.93.1 through 2.0.1) were released July 2026, and organizations running affected versions in healthcare environments should prioritize patching given the sensitivity of stored patient and clinical data.

SQLi Bahmnicore
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy