Remote Code Execution in Offline Hospital Management System from Unknown Vendor
CVE-2026-26462

7.3HIGH

Key Information:

Vendor
CVE Published:
18 May 2026

What is CVE-2026-26462?

The Offline Hospital Management System version 5.3.0 has a vulnerability that allows attackers to execute arbitrary code remotely. This occurs due to an improper configuration of the Electron renderer, which enables Node.js integration while disabling context isolation. As a result, malicious JavaScript running in the renderer process can access Node.js APIs, leading to potential execution of operating system commands and significant security risks.

References

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.