CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

PT-2026-45904

Patch Priority: Sitefinity Credential Exposure with likely internet exposure CVSS 9.8-10.0 Affected: Progress Sitefinity; OpenMed; Spacelabs Sentinel; Masteriyo LMS PRO; Kirki Internet-facing risks dominate, led by Sitefinity and multiple pre-auth remote code execution and privilege escalation...

CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

EUVD-2026-33942

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

CVE-2026-47117

OpenMed prior to version 1.5.2 is affected by a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model_name, enabling a value like attacker/foo-privacy-filter-bar to route to a path t...

PT-2026-45783

Name of the Vulnerable Software and Affected Versions OpenMed versions prior to 1.5.2 Description Remote code execution is possible in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model name parameter, which allows a...

OpenMed 代码注入漏洞

OpenMed is a medical text structuring and analysis tool developed by Maziyar Panahi. Versions of OpenMed prior to 1.5.2 contained a code injection vulnerability. This vulnerability stemmed from a remote code execution flaw in the path where the PII privacy filter model is loaded. It could allow...