CVE-2026-40075 | OpenMRS up to 2.7.8/2.8.5 ModuleResourcesServlet moduleResources getFile path traversal (GHSA-jjgj-cx3q-pw4w / EUVD-2026-27508)

A vulnerability identified as critical has been detected in OpenMRS up to 2.7.8/2.8.5. Affected by this vulnerability is the function getFile of the file /openmrs/moduleResources/ of the component ModuleResourcesServlet. Performing a manipulation results in path traversal.

This vulnerability is identified as CVE-2026-40075. The attack can be initiated remotely. There is not any exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More