OpenEMR XXE Vulnerability (CVE-2026-33913)
OpenEMR before version 8.0.0.3 is vulnerable to XML External Entity (XXE) injection, allowing an authenticated user with access to the Carecoordination module to upload a crafted CCDA document and read arbitrary files from the server.
OpenEMR, a free and open-source electronic health records and medical practice management application, is vulnerable to an XML External Entity (XXE) injection attack (CVE-2026-33913). This vulnerability affects versions prior to 8.0.0.3. An authenticated user with access to the Carecoordination module can exploit this flaw by uploading a specially crafted CCDA document. The malicious document contains an xi:include tag that references a file on the server (e.g., /etc/passwd), enabling the…
Detection coverage 2
Detect XXE Attempt via xi:include Tag
highDetects potential XXE attacks by identifying requests containing the `xi:include` tag in the URI query.
Detect Access to Sensitive Files via Web Server
criticalDetects attempts to access sensitive files (e.g., /etc/passwd) via web server logs, indicative of XXE or path traversal.
Detection queries are kept inside the platform. Get full rules →
Indicators of compromise
1