AI Discovers 38 Vulnerabilities in OpenEMR Healthcare Software
Severity: High (Score: 72.0)
Sources: github.com, Darkreading, aisle.com, Markets.Businessinsider
Summary
An AI analysis by Aisle revealed 38 security vulnerabilities in OpenEMR, a widely used electronic health record platform. These vulnerabilities, which include critical SQL injection flaws, could have allowed attackers to access and manipulate sensitive patient data. OpenEMR is utilized by over 100,000 healthcare providers, impacting more than 200 million patients globally. The vulnerabilities were disclosed and patched in February 2026, with three critical CVEs identified: CVE-2026-24908, CVE-2026-23627, and CVE-2026-24487. The AI tool significantly accelerated the discovery process compared to previous audits. OpenEMR's maintainers are now using Aisle's AI platform to continuously monitor and secure their codebase. This incident highlights the dual-use potential of AI in cybersecurity, where both defenders and attackers can leverage the technology. The partnership aims to enhance the security posture of OpenEMR moving forward.

Key Points:
- Aisle's AI discovered 38 vulnerabilities in OpenEMR, including critical SQL injection flaws.
- OpenEMR is used by over 100,000 providers, affecting more than 200 million patients worldwide.
- The vulnerabilities were patched in February 2026, with ongoing AI support for future security.
Key Entities
- Cross-Site Scripting (xss) (mitre_attack)
- Data Breach (attack_type)
- SQL Injection (attack_type)
- Aisle (company)
- OpenEMR Foundation (company)
- OpenEMR (platform)
- FHIR (platform)
- India (country)
- United States (country)
- CVE-2026-23627 (cve)
- CVE-2026-24487 (cve)
- CVE-2026-24908 (cve)
- CWE-79 - Cross-site Scripting (XSS) (cwe)
- CWE-862 - Missing Authorization (cwe)
- CWE-89 - SQL Injection (cwe)
- lookleftmarketing.com (domain)
- Healthcare (industry)
- Project Glasswing (campaign)