https://feed.craftedsignal.io/tags/cve-2026-33913/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioThu, 26 Mar 2026 12:00:00 +0000https://feed.craftedsignal.io/briefs/2026-03-openemr-xxe/Thu, 26 Mar 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-openemr-xxe/OpenEMR before version 8.0.0.3 is vulnerable to XML External Entity (XXE) injection, allowing an authenticated user with access to the Carecoordination module to upload a crafted CCDA document and read arbitrary files from the server.OpenEMR, a free and open-source electronic health records and medical practice management application, is vulnerable to an XML External Entity (XXE) injection attack (CVE-2026-33913). This vulnerability affects versions prior to 8.0.0.3. An authenticated user with access to the Carecoordination module can exploit this flaw by uploading a specially crafted CCDA document. The malicious document contains an xi:include tag that references a file on the server (e.g., /etc/passwd), enabling the…

]]>highadvisorycve-2026-33913xxeopenemrweb-application