
Vulnerabilities in CGM CLININET and CGM NETRAAD software

ID: 9ad5a615-4035-53ad-8fe7-66827de69fd4

STIX ID: report--9ad5a615-4035-53ad-8fe7-66827de69fd4

Feed Name: CERT Polska

Threat Score: 75/100

Date Published: 2026-03-02

Date Updated: 2026-04-19

Author: CERT Polska


CERT Polska coordinated the disclosure of eight vulnerabilities in CGM CLININET and CGM NETRAAD (multiple CVEs), published on 02 March 2026. The issues include SQL injection in the NETRAAD imageserver, a full authentication bypass and client-side authentication weaknesses, OS command injection, SQL injection in a service endpoint, insecure sequential MessageID access leading to authorization bypass, and missing clickjacking/security headers. Collectively, they allow database access, session takeover, code injection, and exposure of patient-related data in affected healthcare systems.
