AISLE Discovers 38 CVEs in OpenEMR Healthcare Software

AISLE Discovers 38 CVEs in Healthcare Software Used by 100,000 Medical Providers

Author

Stanislav Fort

Date Published

April 28, 2026

On this page

  • The Findings at a Glance
  • Notable Findings
  • CVE-2026-24908: SQL Injection in Patient REST API Sort Parameter
  • CVE-2026-23627: SQL Injection in Immunization Search/Report
  • CVE-2026-24487: FHIR Patient Compartment Bypass in CareTeam
  • Autonomous Issue Fixes
  • A Partnership for Patient Safety
  • From Disclosure to Prevention with AISLE
  • Full Advisory List
  • Missing or incorrect authorization
  • Cross-site scripting
  • SQL injection, path traversal, and session flaws

Cross-site scripting

User-controlled data was rendered into HTML or JavaScript without context-appropriate output encoding, allowing an attacker to inject script that would run in another user's browser session. Several of these crossed the trust boundary between the patient portal and the clinical staff interface, meaning a patient could store a payload that would execute in a clinician's or administrator's session.

| Title | Severity | Weakness | CVE |
|---|---|---|---|
| Stored DOM XSS via .html() in Portal Signer Modal | High | Cross-site Scripting | CVE-2026-32121 |
| Stored XSS in CCDA Preview via linkHtml | High | Cross-site Scripting | CVE-2026-33932 |
| Stored XSS in Portal Payment via table_args | High | Cross-site Scripting | CVE-2026-33346 |
| Stored XSS in Track Anything Graphs | Medium | Cross-site Scripting | CVE-2026-32125 |
| Stored XSS in Graphical Pain Map | Medium | Cross-site Scripting | CVE-2026-32118 |
| Stored XSS in Dynamic Code Picker | Medium | Cross-site Scripting | CVE-2026-32124 |
| Reflected XSS in Custom Template Editor | Medium | Cross-site Scripting | CVE-2026-33933 |
| Stored XSS via Portal Login Username | Medium | Cross-site Scripting | CVE-2026-33303 |
| Stored DOM XSS via SearchHighlight | Medium | Cross-site Scripting | CVE-2026-32119 |
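The first row in the table names a jQuery `.html()` sink. The following is an added example, not code from OpenEMR or from the advisory, showing why handing user-controlled data to a markup-parsing sink such as `.html()` (or `element.innerHTML`) is a stored/DOM XSS, and what encoding at the point of output changes. The signer display name, the template markup and the `introducesMarkup` checker are constructed for illustration; the checker only stands in for the browser's parser so the example runs under Node without a DOM.

```javascript
// Added example (not OpenEMR code): markup-parsing sink vs. output encoding.

// Constructed sample: a display name that a patient could set in the portal.
const UNTRUSTED_NAME = 'Jane <img src=x onerror="alert(document.cookie)">';

// Encode the five characters that can break out of text or attribute context.
// This is HTML-context encoding only; URL, JS and CSS contexts need their own.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: untrusted data is concatenated into markup that is then
// given to .html(). Returns the string the sink would parse into live DOM,
// including any <img onerror=...> or <script> the attacker put there.
function renderUnsafe(name) {
  return `<span class="signer">${name}</span>`;   // e.g. $(modal).html(...)
}

// Hardened pattern: encode at the point of output. Equivalent in effect to
// creating the <span> and calling $(span).text(name), which never reaches
// the HTML parser.
function renderSafe(name) {
  return `<span class="signer">${escapeHtml(name)}</span>`;
}

// Stand-in for the browser's parser so the example is checkable offline:
// does the markup create an element, or an inline event handler, that the
// template author did not write? Real review should inspect the DOM itself.
function introducesMarkup(html, templateTags) {
  const tags = [...html.matchAll(/<\/?([a-z][a-z0-9-]*)/gi)]
    .map((m) => m[1].toLowerCase());
  const inlineHandler = /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
  return inlineHandler || tags.some((t) => !templateTags.includes(t));
}

// Evaluate both renderings against the same payload.
function demo() {
  const templateTags = ['span'];
  return {
    unsafe: introducesMarkup(renderUnsafe(UNTRUSTED_NAME), templateTags), // true
    safe: introducesMarkup(renderSafe(UNTRUSTED_NAME), templateTags),     // false
  };
}

console.log(renderUnsafe(UNTRUSTED_NAME));
console.log(renderSafe(UNTRUSTED_NAME));
console.log(demo());
```

Encoding is a property of the output context, not of the input: the same name is safe as text inside a `<span>` and still dangerous if later dropped into an `onclick` attribute or a `<script>` block, which is why the fix for each of the rows above is at the rendering site rather than at the form that stored the value.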

SQL injection, path traversal, and session flaws

These included SQL injections (user input was concatenated directly into SQL query text instead of being bound as a parameter or checked against an allowlist), an insufficient session expiration issue (a session timeout that could be bypassed), and path traversals (user-controlled file paths were not confined to the intended directory, enabling arbitrary file reads or writes on the server).

| Title | Severity | Weakness | CVE |
|---|---|---|---|
| SQL injection in patient API sort parameter | Critical | SQL Injection | CVE-2026-24908 |
| SQL Injection in Immunization Search/Report | Critical | SQL Injection | CVE-2026-23627 |
| Session Timeout Bypass via skip_timeout_reset | High | Insufficient Session Expiration | CVE-2026-25476 |
| Arbitrary File Exfiltration via Fax Endpoint | Medium | Path Traversal | CVE-2026-24488 |
| Path Traversal When Zipping DICOM Folders | Medium | Path Traversal | CVE-2026-25928 |

Our deepest appreciation goes to the OpenEMR maintainers for their professional collaboration. All issues were discovered using the AISLE AI analyzer and responsibly disclosed by Pavel Kohout, Petr Simecek, and Stanislav Fort.