CVE-2026-33913
Published
CVSS v3
7.7
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `<xi:include href="file:///etc/passwd" parse="text"/>` to read arbitrary files from the server. Version 8.0.0.3 patches the issue.
The most popular open source electronic health records and medical practice management solution.
GitHub