CVE-2026-26462

Published: Mag 18, 2026 Last Modified: Mag 20, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,3

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: low

Description

AI Translation Available

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrary operating system commands.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0006

Percentile

0,2th

Updated

EPSS Score Trend (Last 2 Days)

917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity

Potential Impacts:

Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: Java

View CWE Details

https://medium.com/@husaainpalh/remote-code-execution-in-of…

https://medium.com/@husaainpalh/remote-code-execution-in-offline-hospital-manag…

https://sourceforge.net/projects/hospital-management-system…

https://sourceforge.net/projects/hospital-management-system/files/

CVE-2026-26462

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 2 Days)

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter