Path traversal in OpenEMR - CVE-2026-25928
Published: April 30, 2026
OpenEMR
Detailed vulnerability description
The vulnerability allows a remote user to write files outside the intended directory.
The vulnerability exists due to path traversal in upload_action_process() and zip_dicom_folder() in controllers/C_Document.class.php, which process a user-supplied destination parameter during DICOM folder zip export. A remote user can submit a specially crafted destination value containing traversal sequences to write files outside the intended directory.
If files are written under the web root, this may enable remote code execution. The issue affects the DICOM zip/export feature and requires DICOM upload/export permission.
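The defensive pattern for this class of bug is to never let a request parameter choose where a file lands: accept only a plain file name, join it onto a fixed export directory, and verify the resolved path still lies inside that directory. The snippet below is an added illustration of that check in PHP and is not OpenEMR's code; the export directory, the function name safeZipDestination() and the file-name rule are assumptions.

```php
<?php
// Added example (not OpenEMR's own code): confine a user-supplied
// "destination" parameter to a fixed export directory before writing a zip.
// $baseDir is assumed to be the only directory the export feature may use.

function safeZipDestination(string $baseDir, string $userDestination): string
{
    // Resolve the allowed directory; it must already exist so realpath() works.
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('export directory is not available');
    }

    // Accept only a single plain file name: no directory separators,
    // no "." or ".." components, no NUL bytes, and a fixed .zip extension.
    if (!preg_match('/^[A-Za-z0-9_-]{1,100}\.zip$/', $userDestination)) {
        throw new InvalidArgumentException('invalid destination file name');
    }

    $target = $base . DIRECTORY_SEPARATOR . $userDestination;

    // Defence in depth: if the target already exists (for example as a symlink
    // planted earlier), the resolved path must still sit under the export dir.
    $resolved = realpath($target);
    if ($resolved !== false
        && strpos($resolved, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('destination escapes the export directory');
    }

    return $target;
}

// Constructed usage with an assumed export directory (placeholder path):
// a plain name is accepted, a traversal attempt is rejected before any write.
$exportDir = '/path/to/dicom-export';           // placeholder, not a real path
$ok = safeZipDestination($exportDir, 'study_42.zip');
try {
    safeZipDestination($exportDir, '../outside.zip');
} catch (InvalidArgumentException $e) {
    error_log('rejected destination: ' . $e->getMessage());
}
```

Because realpath() returns false for a file that does not exist yet, the name allow-list is the primary control and the realpath containment check only covers pre-existing targets; an application should also log rejections so attempted traversal shows up in detection.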