8.8
OpenEMR: Malicious Code Can Access Patient Data
CVE-2026-25746
Summary
OpenEMR, a free application for managing medical records, has a SQL injection flaw in its prescription listing functionality that lets authenticated attackers access sensitive information about patients. This issue affects versions of the software released before 8.0.0. Update to version 8.0.0 or later to protect patient data.
What to do
Update to OpenEMR 8.0.0 or later, which fixes the vulnerability.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| open-emr | openemr | <= 8.0.0 | – |
Original title
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be ex...
Original description
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the prescription listing functionality. Version 8.0.0 fixes the vulnerability.
NVD CVSS 3.1
8.8
Vulnerability type
CWE-89
SQL Injection
- https://github.com/ChrisSub08/CVE-2026-25746_SqlInjectionVulnerabilityOpenEMR7.0... Exploit Third Party Advisory
- https://github.com/openemr/openemr/blob/2b46e594b9dd665fb7f16c913ca07f5c6d54412b... Product
- https://github.com/openemr/openemr/blob/9fa8db9f12d0b70985195b11b90f2dc564bd3b24... Product
- https://github.com/openemr/openemr/blob/9fa8db9f12d0b70985195b11b90f2dc564bd3b24... Product
- https://github.com/openemr/openemr/blob/9fa8db9f12d0b70985195b11b90f2dc564bd3b24... Product
- https://github.com/openemr/openemr/commit/e230d3ef46425ffc96a37dc6369428aa37c885... Patch
- https://github.com/openemr/openemr/security/advisories/GHSA-78r7-g65p-gpw3 Exploit Vendor Advisory
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026