CVE-2026-8032 MEDIUM

CVE-2026-8032: PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials

Vendor Picotronica
Product e-Clinic Healthcare System ECHS
Weakness CWE-798 · Hardcoded credentials
Published May 6, 2026
Last update May 7, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version 5.7.1 is sufficient to resolve this issue. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Key dates

02Disclosure timeline

May 6, 2026 CVE published
May 7, 2026 Record updated