Description
Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrary operating system commands.
Published: 2026-05-18
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in Offline Hospital Management System 5.3.0 and permits an attacker to execute arbitrary operating system commands. The issue arises because the application enables Node.js integration while disabling context isolation in the Electron renderer process, permitting JavaScript code running in that context to access Node.js APIs and invoke system commands. This results in full remote code execution, which can allow attackers to compromise the host machine, exfiltrate sensitive patient data, or deploy further malware.

Affected Systems

This flaw affects version 5.3.0 of the Offline Hospital Management System, an offline application designed for hospital management. No other versions or variants are listed as impacted; the vulnerability is limited to this specific iteration.

Risk and Exploitability

The danger level is high because the flaw allows arbitrary code execution. The known attack vector is any code executed in the renderer process; it is unclear whether remote access or local privilege is required. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Without an official fix, the risk remains significant, particularly in environments where the application is exposed to potentially untrusted content or scripts.

Generated by OpenCVE AI on May 18, 2026 at 15:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor-provided update that disables Node integration or enables context isolation for the Electron renderer.
  • If an update is unavailable, reconfigure the application to disable Node.js integration in the renderer or enable context isolation before deployment.
  • Restrict the execution of arbitrary scripts by ensuring the application loads only trusted local resources, and avoid exposing the renderer to untrusted input.
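
The reconfiguration recommended above can be checked before deployment by auditing the `webPreferences` object passed to Electron's `BrowserWindow`. The following is an added example, not code from the vendor or from OpenCVE: the function names and the sample configuration are constructed for illustration, and `sandbox` is an Electron option included as an extra hardening assumption that this record does not mention.

```javascript
// Added example: audit Electron BrowserWindow webPreferences for the renderer
// misconfiguration this record describes. Plain Node.js, Electron not required.

// Values that keep Node.js APIs out of the page's JavaScript context.
// `sandbox` is an assumption added here; the record names only the first two.
const SAFE = { nodeIntegration: false, contextIsolation: true, sandbox: true };

// Return one finding per risky or unspecified setting.
// Only explicit values are judged: defaults differ between Electron releases,
// so a missing key is reported as "unset" for the reviewer to pin down.
function auditWebPreferences(prefs = {}) {
  const findings = [];
  for (const [key, safe] of Object.entries(SAFE)) {
    if (!(key in prefs)) {
      findings.push({ key, level: 'unset', detail: `set ${key}: ${safe} explicitly` });
    } else if (prefs[key] !== safe) {
      findings.push({ key, level: 'unsafe', detail: `${key} is ${prefs[key]}, expected ${safe}` });
    }
  }
  return findings;
}

// Return a copy with the safe values forced; other options are left untouched
// and the input object is not modified.
function hardenWebPreferences(prefs = {}) {
  return { ...prefs, ...SAFE };
}

// Constructed sample mirroring the state described for 5.3.0
// (not the vendor's actual file; the preload path is hypothetical).
const described = { nodeIntegration: true, contextIsolation: false, preload: 'preload.js' };

for (const f of auditWebPreferences(described)) {
  console.log(`[${f.level}] ${f.detail}`);
}
console.log('hardened:', JSON.stringify(hardenWebPreferences(described)));
```

Renderer code that currently calls Node.js APIs directly will stop working under the hardened values; that functionality has to move behind a narrow API exposed from a preload script with Electron's `contextBridge`.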

Advisories

No advisories yet.

History

Tue, 19 May 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sourceforge; Sourceforge offline Hospital Management System
Vendors & Products | | Sourceforge; Sourceforge offline Hospital Management System

Mon, 18 May 2026 15:45:00 +0000

Type | Values Removed | Values Added
Title | | Remote Code Execution via Electron Misconfiguration in Offline Hospital Management System
Weaknesses | | CWE-78

Mon, 18 May 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrary operating system commands.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-18T14:03:16.036Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26462

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-18T15:16:25.230

Modified: 2026-05-18T17:44:03.697

Link: CVE-2026-26462

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T08:19:10Z

Weaknesses