AI Finds 38 Security Flaws in OpenEMR TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsСloud SecurityHackers Use AI for Exploit Development, Attack AutomationHackers Use AI for Exploit Development, Attack AutomationbyAlexander CulafiMay 11, 20264 Min ReadСloud SecurityAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsbyNate NelsonMay 7, 20265 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryVulnerabilities & ThreatsThreat IntelligenceNewsAI Finds 38 Security Flaws in Electronic Health Record PlatformFlaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code execution, and data theft.Jai Vijayan,Contributing WriterApril 29, 20263 Min ReadSource: pandpstock001 via ShutterstockAn AI-powered analysis of the OpenEMR codebase uncovered 38 previously undisclosed vulnerabilities in the open source electronic health record (EHR) platform used by more than 100,000 healthcare providers worldwide.The vulnerabilities, all patched now, range in severity from medium to critical and include missing or incorrect authorization checks, cross-site scripting (XSS) flaws, SQL injection, path traversal, and session-related issues.More Than Three Dozen Flaws in 3 MonthsThe flaws could have enabled a broad range of attacks against OpenEMR deployments, according to researchers at Aisle, which used the company's AI-powered platform to autonomously scan the OpenEMR codebase. "In the most severe cases, SQL injection vulnerabilities combined with modest database privileges could have led to full database compromise, PHI exfiltration at scale, and remote code execution on the server," the cybersecurity vendor said in a report this week. Related:Cyber Espionage Group Targets Aviation Firms to Steal Map DataAisle discovered the 38 new CVEs in a span of just three months and reported them to the OpenEMR team, which released an updated version of its software (version 8.0.0) in February, then rolled out more patches to address additional issues in March. The discovery is the latest example of how AI-powered tools have fundamentally transformed vulnerability research, compressing what previously used to take months of painstaking manual analysis into weeks and even days. As Aisle noted in its report, a comparable independent security audit of OpenEMR conducted in 2018 by a team of security researchers took much longer and yielded a smaller set of 23 vulnerabilities. The accelerating flood of newly discovered vulnerabilities has begun posing new challenges for security teams from the perspective of triage, prioritization, and patching, especially because many of the issues that AI tools uncover turn out to be insignificant or not relevant. There is also growing concern over bad actors using the same AI tools to uncover vulnerabilities and exploits before defenders have a chance to address them — a worry that prompted the recent launch of Anthropic's Project Glasswing.Notable VulnerabilitiesAisle's report highlighted three of the newly discovered OpenEMR vulnerabilities: CVE-2026-24908, CVE-2026-23627 and CVE-2026-24487.CVE-2026-24908 is a maximum severity flaw (CVSS: 10.0) in OpenEMR's Patient REST API that allows external systems to request and retrieve patient records. The SQL Injection flaw gives anyone with a valid login credential to OpenEMR a way to retrieve password hashes and browse the contents of any database table. Under certain conditions, it enables an attacker to read or write arbitrary files on the server and potentially take full remote control of the underlying system. Related:Why Security Leadership Makes or Breaks a Pen TestCVE-2026-23627 (CVSS: 8.8) is a similar SQL injection flaw, this one affecting OpenEMR's immunization tracking module. The flaw allows an authenticated attacker to use specially crafted SQL queries to take over the underlying database, steal patient health information and credentials, and under some conditions enable remote code execution.CVE-2026-24487 (CVSS:6.5) is an authorization bypass flaw in OpenEMR's FHIR CareTeam endpoint, the interface that allows external healthcare systems to retrieve records of the clinical staff assigned to a patient's care. The flaw incorrectly returned data for every patient in the system rather than just the relevant patient's data.For each of the 38 vulnerabilities it discovered, Aisle also proposed fixes that OpenEMR maintainers could review and apply directly to their existing code, minimizing the time and effort that would have been involved to address them. OpenEMR has since also integrated Aisle's AI-powered analyzer into its code review process to automatically scan new code for vulnerabilities and to address them before production.Related:How Dark Reading Lifted Off the Launchpad in 2006About the AuthorJai VijayanContributing WriterJai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.See more from Jai VijayanWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security Management2025 State of MalwareAccess More ResearchWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspacePrompt Injection Is Just the Start: Securing LLMs in AI SystemsAnatomy of a Data Breach: What to Do if it Happens to YouHow Well Can You See What's in Your Cloud?Implementing CTEM: Beyond Vulnerability ManagementMore WebinarsEditor's ChoiceThreat IntelligenceFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberbyDark Reading Editorial TeamMay 6, 202631 Min ReadCyber RiskPhysical Cargo Theft Gets a Boost From CybercriminalsPhysical Cargo Theft Gets a Boost From CybercriminalsbyRobert LemosMay 4, 20265 Min ReadWant more Dark Reading stories in your Google search results?Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeRSAC 2026: key news & insightsAt RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much moreGet Your RecapWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspaceWed, June 24,2026 at 1pm ESTPrompt Injection Is Just the Start: Securing LLMs in AI SystemsTues, May 26, 2026, at 1pm ESTAnatomy of a Data Breach: What to Do if it Happens to YouJune 18th, 2026 | 11:00am -5:00pm ET | Doors Open at 10:30am ETHow Well Can You See What's in Your Cloud?Thurs, June 4, 2026 at 1:00pm ESTImplementing CTEM: Beyond Vulnerability ManagementThurs, May 21, 2026 at 1pm ESTMore WebinarsBlack Hat USA | Mandalay Bay, Las VegasThe premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.GET YOUR PASSDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

AI has identified 38 previously undisclosed security vulnerabilities within the OpenEMR electronic health record (EHR) platform, utilized by over 100,000 healthcare providers globally. The analysis, conducted by Aisle, leveraged an AI-powered platform to autonomously scan the OpenEMR codebase, revealing flaws ranging from medium to critical severity. These vulnerabilities included deficiencies in authorization checks, cross-site scripting (XSS) exploits, SQL injection weaknesses, path traversal issues, and session-related problems. The discovery occurred over a three-month period, significantly reducing the time required for vulnerability research compared to traditional, manual audits, as demonstrated by a 2018 security audit that yielded a smaller set of 23 vulnerabilities. The identified vulnerabilities could have facilitated attacks such as database compromise, protected health information (PHI) exfiltration, and remote code execution on servers. Specifically, CVE-2026-24908, a maximum severity flaw in the Patient REST API, allowed external systems to retrieve patient records through SQL injection. CVE-2026-23627, affecting the immunization tracking module, also permitted SQL injection attacks with similar consequences. CVE-2026-24487, an authorization bypass flaw in the FHIR CareTeam endpoint, exposed vulnerabilities regarding patient data retrieval. Aisle reported these vulnerabilities to OpenEMR, which promptly released an updated version (8.0.0) in February and further patches in March. The company integrated its AI analyzer into OpenEMR’s code review process to proactively identify and mitigate new vulnerabilities. The escalating volume of newly discovered vulnerabilities presents a significant challenge for security teams in terms of triage, prioritization, and patching efforts, prompted by the rapid deployment of AI-based vulnerability detection tools.