CVE-2026-32127

HIGH

OpenEMR <8.0.0.1 - SQL Injection

Title source: llm

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.1 contain a SQL injection vulnerability in the ajax graphs library, caused by insufficient input validation, that can be exploited by authenticated attackers. The vulnerability is fixed in 8.0.0.1.

Exploits (2)

github WORKING POC 10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-32127
nomisec WORKING POC
by ChrisSub08 · poc
https://github.com/ChrisSub08/CVE-2026-32127_SqlInjectionVulnerabilityOpenEMR8.0.0

Scores

CVSS v3 8.8
EPSS 0.0000
EPSS Percentile 0.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
open-emr/openemr < 8.0.0.1
Published Mar 11, 2026
Tracked Since Mar 12, 2026