CVE-2026-26462

HIGH

Offline Hospital Management System 5.3.0 - Remote Code Execution

Title source: manual

Description

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrary operating system commands.

References (2)

Core 2

Core References

https://sourceforge.net/projects/hospital-management-system/files/

https://medium.com/@husaainpalh/remote-code-execution-in-offline-hospital-management-system-cve-2026-26462-bc7ac54314c4

Scores

CVSS v3 7.3

EPSS 0.0032

EPSS Percentile 23.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-917

Status published

Published May 18, 2026

Tracked Since May 18, 2026