CVE-2026-32238

Exploit

EPSS 0.41%
Veröffentlicht 19.03.2026 19:30:53
Zuletzt bearbeitet 20.03.2026 19:16:15
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the backup functionality. Version 8.0.0.2 fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Open-emr ≫ Openemr Version < 8.0.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.61

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://github.com/openemr/openemr/security/advisories/GHSA-6pmc-3xm7-pm86

Vendor Advisory

Exploit

Mitigation

https://github.com/openemr/openemr/commit/7bc7bd077a624e205daed17658de41af6070ef73

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-32238

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32238

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32238

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-32238