Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Feb 26, 2026

OpenEMR has SQL Injection Vulnerability

CVE-2026-25746

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the prescription listing functionality. Version 8.0.0 fixes the vulnerability.

Affected products

Openemr/Openemrv5
Range: < 8.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/openemr/openemr/blob/2b46e594b9dd665fb7f16c913ca07f5c6d54412b/library/classes/Controller.class.phpmitrex_refsource_MISC
github.com/openemr/openemr/blob/9fa8db9f12d0b70985195b11b90f2dc564bd3b24/controller.phpmitrex_refsource_MISC
github.com/openemr/openemr/blob/9fa8db9f12d0b70985195b11b90f2dc564bd3b24/controllers/C_Prescription.class.phpmitrex_refsource_MISC
github.com/openemr/openemr/blob/9fa8db9f12d0b70985195b11b90f2dc564bd3b24/library/classes/Prescription.class.phpmitrex_refsource_MISC
github.com/openemr/openemr/commit/e230d3ef46425ffc96a37dc6369428aa37c88554mitrex_refsource_MISC
github.com/openemr/openemr/security/advisories/GHSA-78r7-g65p-gpw3mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000