A vulnerability labeled as critical has been found in OpenEMR . This impacts an unknown function of the component MedEx Recall . The manipulation results in sql injection. This vulnerability was named CVE-2026-33909 . The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.