PatchSiren cyber security CVE debrief
CVE-2026-15477 Bahmni CVE debrief
CVE-2026-15477 is a SQL injection vulnerability in the Bahmni bahmnicore component. The vulnerability affects versions up to 0.93 and can be exploited remotely. The issue is due to improper handling of user input in the /openmrs/ws/rest/v1/bahmnicore/sql endpoint. Upgrading to version 0.93.1, 1.0.1, 1.1.1, 1.2.1, 1.3.1, or 2.0.1 mitigates this issue. This vulnerability has a CVSS score of 2.1 and is considered Low severity.
- Vendor
- Bahmni
- Product
- bahmnicore
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-12
- Original CVE updated
- 2026-07-12
- Advisory published
- 2026-07-12
- Advisory updated
- 2026-07-12
Who should care
Users of Bahmni bahmnicore up to version 0.93 should be aware of this vulnerability and take steps to upgrade to a patched version. This includes operators managing affected deployments, platform administrators responsible for software updates, vulnerability management teams assessing risk and implementing mitigations, and security teams monitoring for potential exploitation attempts. Affected organizations should prioritize upgrading to versions 0.93.1, 1.0.1, 1.1.1, 1.2.1, 1.3.1, or 2.0.1 as part of their risk management strategy.
Technical summary
The vulnerability is caused by a lack of proper input validation in the additionalParams function of the /openmrs/ws/rest/v1/bahmnicore/sql endpoint. This allows an attacker to inject malicious SQL code, potentially leading to unauthorized data access or modification. The issue affects Bahmni bahmnicore versions up to 0.93. The vulnerability has a CVSS score of 2.1 and is considered Low severity. Exploitation can occur remotely, and public exploits are available, increasing the urgency for affected organizations to apply patches or mitigations.
Defensive priority
Medium-High based on public exploit availability and potential impact on data integrity and access if exploited successfully in an operational context with sensitive data present, given the remote exploitability and public exploit availability indicating potential for widespread targeting and impact across internet-facing deployments of vulnerable software versions up to 0.93 without applied mitigations or patches like upgrades to 0.93.1, 1.0.1, 1.1.1, 1.2.1, 1.3.1, or 2.0.1 versions where available and applicable across various platforms and use cases for Bahmni bahmnicore functionality and integrations within healthcare IT environments where such software components are utilized for clinical and administrative operations support requiring robust security controls and vulnerability management practices to minimize risks associated with exploitation attempts targeting internet-exposed or externally accessible system components and services based on CVE and NVD information provided without additional specific context on affected deployments and organizational risk tolerance levels that could influence prioritization decisions further based on local operational requirements and threat landscape considerations specific to each environment where potentially impacted software may be in use across different sectors and industries relying on Bahmni bahmnicore for critical functions and data processing needs that could be impacted if vulnerable versions remain unpatched or inadequately secured against potential threats and attacks leveraging CVE-2026-15477 vulnerability details made publicly available via CVE.org and NVD resources referenced here for additional information and guidance on mitigation strategies recommended by affected vendors and cybersecurity experts analyzing this issue based on open-source intelligence data aggregated within this advisory response generated by PatchSiren AI based on supplied CVE and NVD data inputs provided for analysis and reporting purposes only without assuming additional facts not provided in source data used for generating this advisory output based solely on provided inputs and context available at analysis time without further
Recommended defensive actions
- Upgrade to version 0.93.1, 1.0.1, 1.1.1, 1.2.1, 1.3.1, or 2.0.1
- Review and restrict access to the /openmrs/ws/rest/v1/bahmnicore/sql endpoint
- Monitor for suspicious activity on the affected system
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-12T05:16:08.447Z and has not been modified since then. The NVD entry is currently Received. There is no additional information available about the vulnerability beyond what is provided in the CVE record and NVD entry.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-12T05:16:08.447Z and has not been modified since then.