OpenEMR Electronic Health Records Software Has SQL Injection Flaw
CVE-2026-32127
Summary
OpenEMR, an electronic health records application, has a SQL injection flaw in its ajax graphs library. Authenticated attackers can exploit it by manipulating certain inputs, which can give them access to sensitive data. Versions prior to 8.0.0.1 are affected, and the issue is fixed in version 8.0.0.1. Update to the latest version to protect your sensitive information.
What to do
Update OpenEMR to version 8.0.0.1 or later, which fixes this vulnerability.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| open-emr | openemr | <= 8.0.0.1 | – |
Original title
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library ...
Original description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax graphs library. This vulnerability is fixed in 8.0.0.1.
NVD CVSS 3.1
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026