Vulnerability Description
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the backup functionality. Version 8.0.0.2 fixes the issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Emr | Openemr | < 8.0.0.2 |
Related Weaknesses (CWE)
References
- https://github.com/openemr/openemr/commit/7bc7bd077a624e205daed17658de41af6070efPatch
- https://github.com/openemr/openemr/security/advisories/GHSA-6pmc-3xm7-pm86ExploitMitigationVendor Advisory
- https://github.com/openemr/openemr/security/advisories/GHSA-6pmc-3xm7-pm86ExploitMitigationVendor Advisory
FAQ
What is CVE-2026-32238?
CVE-2026-32238 is a vulnerability with a CVSS score of 9.1 (CRITICAL). OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality...
How severe is CVE-2026-32238?
CVE-2026-32238 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-32238?
Check the references section above for vendor advisories and patch information. Affected products include: Open-Emr Openemr.