Security Advisory

CVE-2026-33913

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-25 22:52:50

Last updated 2026-03-26 18:08:31

Assigner GitHub_M

State PUBLISHED

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `<xi:include href="file:///etc/passwd" parse="text"/>` to read arbitrary files from the server. Version 8.0.0.3 patches the issue.

← Browse all CVEs View on cve.org ↗