Vulnerabilities in the OpenEMR healthcare software could enable remote attackers to steal sensitive patient data, execute arbitrary commands, and take control of affected systems. OpenEMR is free software used to manage medical records. It also lets patients pay bills, contact doctors, and set up appointments. Security researchers at SonarSource found and reported three vulnerabilities in OpenEMR, including two that can be chained together to allow remote code execution (RCE). “A combination of these flaws enables remote attackers to steal sensitive patient data from any OpenEMR server and execute arbitrary system commands. The worst-case scenario is that they could compromise the entire critical infrastructure,” according to Sonar.