← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
TESTING NO ACTION REQUIRED OpenEMR Platform Patched Against 38 Vulnerabilities Including Two Critical Zero Days
WHITE CODERED_VTA 2026-04-28 Modified: 2026-04-28
7
IOCs
LOW VOLUME
Security researchers have identified 38 vulnerabilities in OpenEMR, an open-source electronic medical record software platform used by approximately 100,000 healthcare providers worldwide. The flaws were discovered through AI-driven analysis during early 2026 and have since been patched in the latest version of the software. Among the vulnerabilities were two maximum severity zero-day flaws rated CVSS 10.0, which posed significant risks to healthcare organizations using the platform. The remaini...
initial-accesscredential-accessprivilege-escalationexfiltrationexecutionT1190T1078T1552T1213T1059T1041highvtathreat-intelligence
Indicators of Compromise (7)
All CVE domain hostname
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2026-24898 2026-04-28
CVE CVE-2026-24908 2026-04-28
domain healthcareinfosecurity.com 2026-04-28
domain githubcopilot.com 2026-04-28
hostname api.githubcopilot.com 2026-04-28
domain medexbank.com 2026-04-28
domain target-openemr.com 2026-04-28
References (3)
↗ https://github.com/openemr/openemr/security/advisories/GHSA-qwff-3mw7-7rc7 ↗ https://github.com/openemr/openemr/security/advisories/GHSA-rcc2-45v3-qmqm ↗ https://www.bankinfosecurity.com/researchers-find-38-flaws-in-openemr-theyve-been-fixed-a-31520