CVE-2026-32238

CRITICAL

OpenEMR has Remote Code Execution in backup functionality

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-32238. PoCs published by ChrisSub08.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2026-32238, an OS command injection vulnerability in OpenEMR <8.0.0.2. It explains the root cause, affected code paths, and exploitation mechanics but does not include functional exploit code.

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the backup functionality. Version 8.0.0.2 fixes the issue.

Exploits (1)

nomisec WRITEUP
by ChrisSub08 · poc
https://github.com/ChrisSub08/CVE-2026-32238_RemoteCodeExecutionOpenEMR8.0.0

This repository provides a detailed technical analysis of CVE-2026-32238, an OS command injection vulnerability in OpenEMR <8.0.0.2. It explains the root cause, affected code paths, and exploitation mechanics but does not include functional exploit code.

Classification
Writeup 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: OpenEMR <8.0.0.2
Auth required
Prerequisites: authenticated access to OpenEMR · ability to inject malicious values into specific database columns
devstral-2 · analyzed Mar 20, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.1
EPSS 0.0010
EPSS Percentile 27.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (2)
open-emr/openemr < 8.0.0.2
openemr/openemr < 8.0.0.2
Published Mar 19, 2026
Tracked Since Mar 20, 2026