AI Finds 38 Security Flaws in Electronic Health Record Platform
Dark Reading
Flaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code execution, and data theft.
Jai Vijayan, Contributing Writer
April 29, 2026
An AI-powered analysis of the OpenEMR codebase uncovered 38 previously undisclosed vulnerabilities in the open source electronic health record (EHR) platform used by more than 100,000 healthcare providers worldwide.
The vulnerabilities, all patched now, range in severity from medium to critical and include missing or incorrect authorization checks, cross-site scripting (XSS) flaws, SQL injection, path traversal, and session-related issues.
More Than Three Dozen Flaws in 3 Months
The flaws could have enabled a broad range of attacks against OpenEMR deployments, according to researchers at Aisle, which used the company's AI-powered platform to autonomously scan the OpenEMR codebase. "In the most severe cases, SQL injection vulnerabilities combined with modest database privileges could have led to full database compromise, PHI exfiltration at scale, and remote code execution on the server," the cybersecurity vendor said in a report this week.
Aisle discovered the 38 new CVEs in a span of just three months and reported them to the OpenEMR team, which released an updated version of its software (version 8.0.0) in February, then rolled out more patches to address additional issues in March.
The discovery is the latest example of how AI-powered tools have fundamentally transformed vulnerability research, compressing what previously took months of painstaking manual analysis into weeks and even days. As Aisle noted in its report, a comparable independent security audit of OpenEMR conducted in 2018 by a team of security researchers took much longer and yielded a smaller set of 23 vulnerabilities.
The accelerating flood of newly discovered vulnerabilities has begun posing new challenges for security teams from the perspective of triage, prioritization, and patching, especially because many of the issues that AI tools uncover turn out to be insignificant or not relevant. There is also growing concern over bad actors using the same AI tools to uncover vulnerabilities and exploits before defenders have a chance to address them — a worry that prompted the recent launch of Anthropic's Project Glasswing.
Notable Vulnerabilities
Aisle's report highlighted three of the newly discovered OpenEMR vulnerabilities: CVE-2026-24908, CVE-2026-23627 and CVE-2026-24487.
CVE-2026-24908 is a maximum-severity SQL injection flaw (CVSS: 10.0) in OpenEMR's Patient REST API, the interface that allows external systems to request and retrieve patient records. The flaw gives anyone with a valid OpenEMR login credential a way to retrieve password hashes and browse the contents of any database table. Under certain conditions, it enables an attacker to read or write arbitrary files on the server and potentially take full remote control of the underlying system.
CVE-2026-23627 (CVSS: 8.8) is a similar SQL injection flaw, this one affecting OpenEMR's immunization tracking module. The flaw allows an authenticated attacker to use specially crafted SQL queries to take over the underlying database, steal patient health information and credentials, and, under some conditions, achieve remote code execution.
CVE-2026-24487 (CVSS: 6.5) is an authorization bypass flaw in OpenEMR's FHIR CareTeam endpoint, the interface that allows external healthcare systems to retrieve records of the clinical staff assigned to a patient's care. The flaw incorrectly returned data for every patient in the system rather than just the relevant patient's data.
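A response-side check for the CareTeam behavior described above, as an added example that is not from the article, Aisle, or OpenEMR: it flags CareTeam entries in a FHIR search Bundle whose `subject` does not reference the patient the request was scoped to. The function names, patient ids and sample Bundle are constructed for illustration.

```python
def reference_id(reference, resource_type="Patient"):
    """Return the logical id from 'Patient/123', '.../fhir/Patient/123' or
    'Patient/123/_history/2'; None if it does not reference that type."""
    parts = [p for p in (reference or "").split("/") if p]
    for i, part in enumerate(parts[:-1]):
        if part == resource_type:
            return parts[i + 1]
    return None


def out_of_scope_care_teams(bundle, patient_id):
    """List (care_team_id, reason) for each CareTeam entry in a FHIR search
    Bundle that does not belong to the patient the caller is scoped to."""
    findings = []
    for entry in bundle.get("entry", []):
        resource = entry.get("resource", {})
        if resource.get("resourceType") != "CareTeam":
            continue  # other resource types are outside this check
        subject = (resource.get("subject") or {}).get("reference")
        owner = reference_id(subject)
        if owner is None:
            # Fail closed: an entry with no patient subject cannot be
            # shown to belong to the authorized patient.
            findings.append((resource.get("id"), "no patient subject"))
        elif owner != patient_id:
            findings.append((resource.get("id"), f"belongs to Patient/{owner}"))
    return findings


# Constructed sample: what a patient-scoped token for "p-1" might receive
# from an endpoint that fails to filter by patient.
SAMPLE_BUNDLE = {
    "resourceType": "Bundle",
    "type": "searchset",
    "entry": [
        {"resource": {"resourceType": "CareTeam", "id": "ct-1",
                      "subject": {"reference": "Patient/p-1"}}},
        {"resource": {"resourceType": "CareTeam", "id": "ct-2",
                      "subject": {"reference": "Patient/p-2"}}},
        {"resource": {"resourceType": "CareTeam", "id": "ct-3",
                      "subject": {"reference":
                                  "https://ehr.example/fhir/Patient/p-1"}}},
        {"resource": {"resourceType": "CareTeam", "id": "ct-4"}},
        {"resource": {"resourceType": "Practitioner", "id": "pr-9"}},
    ],
}

if __name__ == "__main__":
    for care_team_id, reason in out_of_scope_care_teams(SAMPLE_BUNDLE, "p-1"):
        print(f"CareTeam/{care_team_id}: {reason}")
```

Run against responses captured in a test environment before and after upgrading, any finding means the endpoint returned records outside the requesting patient's scope.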
For each of the 38 vulnerabilities it discovered, Aisle also proposed fixes that OpenEMR maintainers could review and apply directly to their existing code, minimizing the time and effort needed to address them. OpenEMR has since also integrated Aisle's AI-powered analyzer into its code review process to automatically scan new code for vulnerabilities and to address them before production.
About the Author
Jai Vijayan
Contributing Writer
Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.