A vulnerability, which was classified as critical , was found in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed . Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API . The manipulation of the argument ID results in improper control of resource identifiers. This vulnerability was named CVE-2026-12207 . The attack may be performed from remote. In addition, an exploit is available.