CVE-2026-33913 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with ac…
High CVSS: 7.7

CVE-2026-33913

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `<xi:include href="file:///etc/passwd" parse="text"/>` to read arbitrary files from the server. Version 8.0.0.3 patches the issue.
Vendor
Open-emr
Product
Openemr
CWE
CWE-611
Yayın Tarihi
2026-03-25 23:17:10
Güncelleme
2026-03-26 16:25:24
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-611 Openemr HIGH Open-emr 2026

Referanslar

https://github.com/openemr/openemr/commit/67e1702c41cf486af0069bdafce19860e2cd9a11 https://github.com/openemr/openemr/releases/tag/v8_0_0_3 https://github.com/openemr/openemr/security/advisories/GHSA-9757-3cfj-wc8q