Vulnerability Report

CVE-2026-32127

Title: OpenEMR Authenticated SQL Injection

SQLi

Proof Of Concept

PoC Available for CVE-2026-32127

CWE Category CWE-89
Published Date Mar 11, 2026
Modified Date Mar 13, 2026
Exploit Status Available
Score 8.8 CVSS v3.1
Exploit Probability (EPSS)
0.33%

Vulnerability Summary

CVE-2026-32127: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax graphs library. This vulnerability is fixed in 8.0.0.1.

Impacted Vendors

O
openemr 1
O
open-emr 1

Reference Links

https://github.com/openemr/openemr/security/advisories/GHSA-v8q6-h79f-736x
CVSS v3.1
Source Entity [email protected]
Severity HIGH
8.8
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-32127 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/ChrisSub08/CVE-2026-32127_SqlInjectionVulnerabilityOpenEMR8.0.0
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.