CVE-2026-23627
published 2026-02-25CVE-2026-23627: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability…
PriorityP263high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.78%
51.3th percentile
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI exfiltration, credential theft, and potential remote code execution. The vulnerability exists because user-supplied `patient_id` values are directly concatenated into SQL WHERE clauses without parameterization or escaping. Version 8.0.0 patches the issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-emr | openemr | < 8.0.0 | 8.0.0 |
| openemr | openemr | < 8.0.0 | 8.0.0 |
Detection & IOCsextracted from sources · hover to see the quote
- →SQL injection occurs via unsanitized user-supplied `patient_id` values directly concatenated into SQL WHERE clauses in the Immunization module — monitor for anomalous SQL patterns in requests targeting the Immunization module endpoint ↗
- →Any authenticated OpenEMR user (low privilege) can trigger this SQL injection — do not restrict detection scope to admin accounts; alert on unusual SQL query patterns from any authenticated session in OpenEMR versions prior to 8.0.0 ↗
- →CVE-2026-23627 is one of two critical-severity CVEs in a batch of 38 OpenEMR vulnerabilities; correlate detections with CVE-2026-24908 activity as both are rated critical and may be chained ↗
- ·The attack surface requires authentication; unauthenticated exploitation is not described — detection rules should account for authenticated session context rather than pre-auth traffic ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.07.4HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
blogs_hackernews·2026-05-04·CVSS 9.3
CVE-2026-41940 [CRITICAL] ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches.
While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.
The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and scaling operations like legitimate businesses — except their product is chaos. And the underground is getting uncomfortably professional.
Here’s the full week
Hackernews
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
blogs_hackernews·2026-04-30
CVE-2019-0708 ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be online.
Security is always a moving target. Millions of servers are currently sitting online without any passwords, and old software bugs are showing up in the most unexpected places. Even with the right fixes available, staying one step ahead is a full-time job
Wiz
CVE-2026-23627 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.4
CVE-2026-23627 [HIGH] CVE-2026-23627 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23627 :
OpenEMR vulnerability analysis and mitigation
patient_id
Source : NVD
## 7.4
Score
Published February 25, 2026
Severity HIGH
CNA Score 7.4
Affected Technologies
OpenEMR
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:open-emr:openemr
Sources
Linux Severity HIGH Has Fix Added at: Mar 02, 2026
Windows Severity HIGH Has Fix Added at: Mar 02, 2026
Linux Severity HIGH Has Fix Added at: Mar 03, 2026
Windows Severity HIGH Has Fix Added at: Mar 03, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's
2026-02-25
Published