Remote Code Execution in Offline Hospital Management System from Unknown Vendor
CVE-2026-26462
7.3HIGH
What is CVE-2026-26462?
The Offline Hospital Management System version 5.3.0 has a vulnerability that allows attackers to execute arbitrary code remotely. This occurs due to an improper configuration of the Electron renderer, which enables Node.js integration while disabling context isolation. As a result, malicious JavaScript running in the renderer process can access Node.js APIs, leading to potential execution of operating system commands and significant security risks.
