Home / Vulnerability Intelligence / CVE-2026-32238

CVE-2026-32238 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 19, 2026

OpenEMR - Command Injection

Published: March 19, 2026Updated: March 19, 2026PoC AvailableRemote Exploitable

Overview

OpenEMR < 8.0.0.2 contains a command injection caused by insufficient input validation in the backup functionality, letting authenticated attackers execute arbitrary commands remotely, exploit requires authentication.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Authenticated attackers can execute arbitrary commands, potentially leading to full system compromise.

Mitigation

Upgrade to version 8.0.0.2 or later.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Mar 19, 2026

🔴 CVE-2026-32238 - Critical (9.1) OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality that can be exploited by authenticated attacke... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32238/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Mar 19, 2026

View original post

GitHub Repositories(1 repo)

https://github.com/ChrisSub08/CVE-2026-32238_RemoteCodeExecutionOpenEMR8.0.0

Related Resources

Details

CVE ID: CVE-2026-32238
Severity: Critical
CVSS Score: 9.1
Type: command_injection
Status: new
EPSS: 0.0%
Social Posts: 2

CWE

CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days