{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-33913/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-33913","xxe","openemr","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenEMR, a free and open-source electronic health records and medical practice management application, is vulnerable to an XML External Entity (XXE) injection attack (CVE-2026-33913). This vulnerability affects versions prior to 8.0.0.3. An authenticated user with access to the Carecoordination module can exploit this flaw by uploading a specially crafted CCDA document. The malicious document contains an \u003ccode\u003exi:include\u003c/code\u003e tag that references a file on the server (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e), enabling the…\u003c/p\u003e\n","date_modified":"2026-03-26T12:00:00Z","date_published":"2026-03-26T12:00:00Z","id":"/briefs/2026-03-openemr-xxe/","summary":"OpenEMR before version 8.0.0.3 is vulnerable to XML External Entity (XXE) injection, allowing an authenticated user with access to the Carecoordination module to upload a crafted CCDA document and read arbitrary files from the server.","title":"OpenEMR XXE Vulnerability (CVE-2026-33913)","url":"https://feed.craftedsignal.io/briefs/2026-03-openemr-xxe/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-33913","version":"https://jsonfeed.org/version/1.1"}