Healthcare is digitizing faster than it is being secured. AI-assisted diagnostics, telemedicine, and automated billing are expanding access to care at unprecedented speed, but the security practices protecting these systems have not kept up. At the same time, attackers are increasingly using AI to find vulnerabilities faster than ever. The result is a widening gap between what healthcare software can do and how well it is defended.

OpenEMR sits squarely in that gap. It is one of the most widely adopted open-source electronic health record platforms in the world, used by over 100,000 medical providers serving more than 200 million patients across 34 languages. OpenEMR 8.0, released in February 2026, is ONC-certified under the U.S. federal Health IT certification program, including the full set of Privacy and Security criteria (§ 170.315(d)(1) through (d)(13)). Such reach makes protecting it essential.

That is why we chose OpenEMR as a focus of our open-source partnership security work. Our goal is to strengthen critical infrastructure by applying the same autonomous analysis engine that uncovered twelve zero-days in OpenSSL to a codebase that millions of patients depend on daily. The OpenEMR maintainers collaborated closely with us and responded to findings with speed and professionalism. What follows is a summary of what we found, how the issues were fixed, and what this experience reveals about the state of healthcare application security.

The Findings at a Glance

During Q1 2026, AISLE researchers Stanislav Fort, Petr Simecek, and Pavel Kohout applied the AISLE AI analyzer to the OpenEMR codebase and discovered 38 CVEs, accounting for more than half of all OpenEMR security advisories published on GitHub during this period.

For comparison, the most prominent prior independent security audit of OpenEMR was the 2018 Project Insecurity report, which generated international press coverage and disclosed 23 vulnerabilities after an extended research effort by a dedicated human team. AISLE's analyzer found 38 in just one quarter.

These vulnerabilities could have enabled a broad range of attacks against OpenEMR deployments. In the most severe cases, SQL injection vulnerabilities combined with modest database privileges could have led to full database compromise, PHI exfiltration at scale, and remote code execution on the server.

Notable Findings

Each of these vulnerabilities could be exploited to access or rewrite sensitive patient data:

CVE-2026-24908: SQL Injection in Patient REST API Sort Parameter

The second CVSS 10.0 finding lived in OpenEMR's Patient REST API, where the _sort query parameter lets clients choose the ordering for returned results, a common REST pattern. The values passed to _sort were concatenated directly into SQL ORDER BY clauses with no validation, no whitelisting of allowed sort fields, and no identifier escaping. A single missed call meant any authenticated client with an OAuth2 bearer token could exploit the flaw three ways: UNION SELECT payloads to extract credential hashes or arbitrary table contents; time-based blind injection via SLEEP() to confirm exploitability; and if the database user held FILE privileges, escalation to arbitrary file read/write and remote code execution.

CVE-2026-23627: SQL Injection in Immunization Search/Report

The Immunization module's search and report endpoints had a similar flaw, but in the web UI rather than the REST API. The patient_id form parameter was split on commas and each piece was stitched directly into SQL WHERE clauses without parameterization or escaping. Because the injection point was in a WHERE clause rather than an ORDER BY, exploitation was more straightforward. A UNION SELECT could extract data from any table in a single request, and time-based blind injection worked with a simple SLEEP() call. If the database user held FILE privileges, the attacker could also read server files or write a web shell, escalating to remote code execution.

CVE-2026-24487: FHIR Patient Compartment Bypass in CareTeam

The FHIR CareTeam endpoint returned care team data for every patient in the system, even when the request carried a patient-scoped OAuth2 token that should have restricted results to a single patient. The root cause was architectural: OpenEMR's FHIR layer uses a PHP interface (IPatientCompartmentResourceService) as a marker to decide which services receive patient-scoping filters. The FhirCareTeamService class never declared that interface, so the framework's instanceof check failed silently and no patient filter was injected. The underlying service already supported filtering by patient UUID; the code was simply never invoked.

Autonomous Issue Fixes

For each of the 38 CVEs, AISLE generated a repository-native fix proposal that reused OpenEMR's own abstractions, authorization patterns, and sanitization helpers. For the critical-severity CVE-2026-23627, AISLE independently produced the patch. In other cases, OpenEMR maintainers adapted AISLE's proposed remediation into the final fix.

This significantly reduced the time to remediation and made it easier for OpenEMR's dedicated maintainers to secure the codebase.

A Partnership for Patient Safety

Our engagement with OpenEMR began in mid-December 2025, when the AISLE analyzer first started inspecting the codebase. We reported the initial batch of findings in mid-January 2026, and from the very first disclosures, the OpenEMR Foundation worked alongside us on remediation, reviewing findings quickly, iterating on fixes, and engaging with the technical detail of every issue. The bulk of the AISLE-reported fixes shipped in OpenEMR 8.0.0 on February 11, 2026, roughly four weeks after the first disclosures, with the remainder landing across three subsequent patch releases throughout March.

In early April 2026, we formalized the partnership by integrating AISLE PRO, our AI-powered commit analyzer, into OpenEMR's code review workflow. Together, we can now detect many vulnerabilities at the code review stage, before they enter production, securing new code even as the team works through the existing backlog.

"For a project like OpenEMR, where the stakes are patient safety and health data privacy, we couldn't be more excited about our partnership with AISLE. Their autonomous analyzer uncovered dozens of vulnerabilities in our codebase. Now, with Aisle's analyzer running at the code review stage, we're catching and fixing vulnerabilities before they ever reach production."

— Brady Miller, MD, Executive Director of the OpenEMR Foundation

From Disclosure to Prevention with AISLE

AI-powered attacks increasingly target healthcare institutions to steal personally identifiable information, extort payments, and disrupt the delivery of life-saving care. Defenders need matching coverage. The OpenEMR engagement is what that looks like in practice: an autonomous analyzer finding real vulnerabilities in critical software, fixes landing in production within weeks, and the same system moving upstream to catch new vulnerabilities at code review, before they ever reach a patient record.

If your organization depends on software to deliver care, schedule a demo to see what AISLE can do.

Full Advisory List

Missing or incorrect authorization

The single largest category. Many endpoints accepted user-supplied record identifiers (patient IDs, note IDs, form IDs) and operated on them without verifying that the caller was permitted to access the referenced record. In access-control terminology, this is known as an Insecure Direct Object Reference (IDOR). A related subset involved endpoints that omitted Access Control List (ACL) checks entirely, allowing any authenticated user to reach functionality intended for administrators or specific roles. At one extreme, a single endpoint bypassed authentication entirely.

Cross-site scripting

User-controlled data was rendered into HTML or JavaScript without proper encoding, allowing an attacker to inject code that would run in another user's browser session. Several of these crossed the trust boundary between the patient portal and the clinical staff interface, meaning a patient could inject code that would execute in a clinician's or administrator's session.

SQL injection, path traversal, and session flaws

These included SQL injections (user input was concatenated directly into SQL queries without proper sanitization), an insufficient session expiration issue, and path traversals (user-controlled file paths were not restricted to the intended directory, enabling arbitrary file reads or writes on the server).

Our deepest appreciation goes to the OpenEMR maintainers for their professional collaboration. All issues were discovered using the AISLE AI analyzer and responsibly disclosed by Pavel Kohout, Petr Simecek, and Stanislav Fort.