AI uncovers 38 vulnerabilities in largest open source medical record software
4 hours ago
- #Cybersecurity
- #Vulnerability Disclosure
- #Healthcare Technology
- AISLE discovered 38 CVEs in OpenEMR, an open-source electronic health record platform used by over 100,000 medical providers, during Q1 2026.
- Notable vulnerabilities include critical SQL injections (e.g., CVE-2026-24908, CVE-2026-23627) allowing data exfiltration and remote code execution, and a FHIR patient compartment bypass (CVE-2026-24487).
- The findings were addressed through a partnership with OpenEMR maintainers, with fixes deployed within weeks, and AISLE PRO was integrated into code review to prevent future vulnerabilities.