CVE-2026-25928 OpenEMR Vulnerable to Path Traversal When Zipping DICOM Folders

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences e.g. ../. An attacker...

CVE-2026-25928

OpenEMR (product) has a path traversal vulnerability in the DICOM zip/export feature prior to version 8.0.0.2. The feature uses a user-supplied destination/path without sanitizing ../ sequences, enabling an attacker with DICOM upload/export permission to write files outside the intended directory...

EUVD-2026-13154

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences e.g. ../. An attacker...

CVE-2026-25928 OpenEMR Vulnerable to Path Traversal When Zipping DICOM Folders

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences e.g. ../. An attacker...

PT-2026-26331

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences e.g. ../. An attacker...