{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33917", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T15:41:47.492Z", "datePublished": "2026-03-25T23:31:20.557Z", "dateUpdated": "2026-03-26T14:24:11.718Z"}, "containers": {"cna": {"title": "OpenEMR has SQL Injection in CAMOS Form", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/openemr/openemr/security/advisories/GHSA-r6xq-mfwf-wgq8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openemr/openemr/security/advisories/GHSA-r6xq-mfwf-wgq8"}, {"name": "https://github.com/openemr/openemr/commit/4d48821d18e4125508d8217c43b09233c7f7e17f", "tags": ["x_refsource_MISC"], "url": "https://github.com/openemr/openemr/commit/4d48821d18e4125508d8217c43b09233c7f7e17f"}, {"name": "https://github.com/openemr/openemr/releases/tag/v8_0_0_3", "tags": ["x_refsource_MISC"], "url": "https://github.com/openemr/openemr/releases/tag/v8_0_0_3"}], "affected": [{"vendor": "openemr", "product": "openemr", "versions": [{"version": "< 8.0.0.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-25T23:31:20.557Z"}, "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax_save page in the CAMOS form. Version 8.0.0.3 patches the issue."}], "source": {"advisory": "GHSA-r6xq-mfwf-wgq8", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/openemr/openemr/security/advisories/GHSA-r6xq-mfwf-wgq8", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T14:24:07.347306Z", "id": "CVE-2026-33917", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T14:24:11.718Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33917", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T14:24:07.347306Z"}}}], "references": [{"url": "https://github.com/openemr/openemr/security/advisories/GHSA-r6xq-mfwf-wgq8", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T14:24:02.217Z"}}], "cna": {"title": "OpenEMR has SQL Injection in CAMOS Form", "source": {"advisory": "GHSA-r6xq-mfwf-wgq8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "openemr", "product": "openemr", "versions": [{"status": "affected", "version": "< 8.0.0.3"}]}], "references": [{"url": "https://github.com/openemr/openemr/security/advisories/GHSA-r6xq-mfwf-wgq8", "name": "https://github.com/openemr/openemr/security/advisories/GHSA-r6xq-mfwf-wgq8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/openemr/openemr/commit/4d48821d18e4125508d8217c43b09233c7f7e17f", "name": "https://github.com/openemr/openemr/commit/4d48821d18e4125508d8217c43b09233c7f7e17f", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/openemr/openemr/releases/tag/v8_0_0_3", "name": "https://github.com/openemr/openemr/releases/tag/v8_0_0_3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax_save page in the CAMOS form. Version 8.0.0.3 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-25T23:31:20.557Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33917", "state": "PUBLISHED", "dateUpdated": "2026-03-26T14:24:11.718Z", "dateReserved": "2026-03-24T15:41:47.492Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-25T23:31:20.557Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3E098AF-42A1-4798-85A7-80052F19F809", "versionEndExcluding": "8.0.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax_save page in the CAMOS form. Version 8.0.0.3 patches the issue."}], "id": "CVE-2026-33917", "lastModified": "2026-03-26T16:26:36.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-26T00:16:39.470", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openemr/openemr/commit/4d48821d18e4125508d8217c43b09233c7f7e17f"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/openemr/openemr/releases/tag/v8_0_0_3"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/openemr/openemr/security/advisories/GHSA-r6xq-mfwf-wgq8"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/openemr/openemr/security/advisories/GHSA-r6xq-mfwf-wgq8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,8.0.0.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "openemr", "source": "cna", "vendor": "openemr"}, "product": "openemr", "vendor": "openemr"}], "analysis": {"en": {"generated_at": "2026-03-26T00:53:27.801078+00:00", "value": {"mitigation_remediation": ["Upgrade OpenEMR to version 8.0.0.3 or later to apply the vendor\u2011supplied patch.", "If an upgrade is not immediately possible, restrict or secure access to the ajax_save endpoint and monitor for unusual database activity.", "Consider implementing additional input validation or sanitization on the CAMOS form if custom changes are needed."], "summary": {"action": "Patch immediately", "impact": "SQL Injection leading to data compromise"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the OpenEMR application, specifically any deployment running a version earlier than 8.0.0.3. The official patch is included in release 8.0.0.3 and later. No other vendor or product variants are listed.", "description_and_impact": "OpenEMR versions before 8.0.0.3 contain a SQL injection flaw within the ajax_save endpoint of the CAMOS form. The flaw arises from insufficient input validation, allowing an attacker who is authenticated to the application to construct arbitrary SQL queries. This can result in unauthorized read, alteration, or deletion of sensitive health and patient data, posing a significant confidentiality and integrity risk.", "risk_and_exploitability": "The CVSS score of 8.8 indicates high severity. While the EPSS score is not available, the known requirement for authenticated access reduces the initial attack surface, yet the impact remains severe for compromised accounts. The vulnerability is not present in CISA\u2019s KEV catalog, suggesting no publicly reported exploits at the time of disclosure. The likely attack vector involves a legitimate user making a crafted request to the ajax_save URL, exploiting the lack of validation to inject malicious SQL."}}}}, "created": "2026-03-26T11:31:11.236638+00:00", "updated": "2026-03-26T12:09:13.748060+00:00", "vendors": ["openemr", "openemr$PRODUCT$openemr"]}