CVE-2026-32127
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax graphs library.
This vulnerability is fixed in 8.0.0.1.
HIGH · CVSS 8.8
EPSS 2e-05
Act now
- Public exploit or PoC is available
- SSVC automatable: yes - attacks can be scripted at scale
- CVSS base score ≥ 7.0
Sigma rules0
YARA rules0