LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-33917

CVE-2026-33917 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 26, 2026

OpenEMR - SQL Injection

Published: March 26, 2026Updated: March 26, 2026Remote Exploitable

Overview

OpenEMR < 8.0.0.3 contains a SQL injection caused by insufficient input validation in the ajax_save CAMOS form, letting authenticated attackers execute arbitrary SQL commands.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Authenticated attackers can execute arbitrary SQL commands, potentially leading to data disclosure or modification.

Mitigation

Update to version 8.0.0.3 or later.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 26, 2026

šŸŸ  CVE-2026-33917 - High (8.8) OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33917/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 26, 2026

šŸŸ  CVE-2026-33917 - High (8.8) OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33917/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 26, 2026

šŸŸ  CVE-2026-33917 - High (8.8) OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33917/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 26, 2026

šŸŸ  CVE-2026-33917 - High (8.8) OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33917/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-33917
Severity
High
CVSS Score
8.8
Type
sql_injection
Status
new
EPSS
0.0%
Social Posts
4

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days