Skip to main content

Medplum CVE-2026-49120

| EUVDEUVD-2026-33998 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-06-02 VulnCheck GHSA-w852-7r27-32c6
6.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Severity Changed
Jun 02, 2026 - 20:22 NVD
HIGH MEDIUM
CVSS changed
Jun 02, 2026 - 20:22 NVD
8.5 (HIGH) 6.3 (MEDIUM)
Source Code Evidence Fetched
Jun 02, 2026 - 20:21 vuln.today
Analysis Generated
Jun 02, 2026 - 20:21 vuln.today

DescriptionCVE.org

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints at internal addresses such as cloud instance metadata services, internal databases, or container orchestration endpoints to exfiltrate IAM credentials and patient health records via the POST body containing full FHIR resource payloads.

AnalysisAI

Server-side request forgery in Medplum versions prior to 5.1.14 lets authenticated users abuse the FHIR Subscription worker to make the server issue HTTP POST requests to arbitrary internal endpoints. Because the worker delivers full FHIR resource payloads to attacker-chosen URLs, attackers can target cloud instance metadata services (e.g., AWS IMDS), internal databases, and orchestrator APIs to steal IAM credentials and exfiltrate patient health records. No public exploit identified at time of analysis, but a vendor patch and a VulnCheck advisory are available.

Technical ContextAI

Medplum is an open-source FHIR-native healthcare developer platform that processes clinical resources through asynchronous workers. FHIR Subscription resources (HL7 FHIR R4) let clients register a channel.endpoint URL that the server invokes whenever a matching resource changes - and Medplum's subscription worker performed those outbound POSTs without validating the destination, allowing the host portion to be replaced with internal-only addresses. This is a textbook CWE-918 Server-Side Request Forgery: the trusted server becomes a proxy, and because the request body is the full FHIR resource, the SSRF doubles as an exfiltration channel rather than a blind probe. Affected scope is cpe:2.3:a:medplum:medplum:* up to but not including 5.1.14.

RemediationAI

Vendor-released patch: Medplum 5.1.14 - upgrade immediately using https://github.com/medplum/medplum/releases/tag/v5.1.14 (fix commit 87595e98d756d840d70d9dc87beb9d4f9e158b59, PR #9334). If you cannot upgrade right away, restrict who can create or update FHIR Subscription resources via Medplum AccessPolicy so that only fully trusted project administrators hold Subscription write rights, accepting that this disables self-service webhook integrations for other roles. At the infrastructure layer, enforce IMDSv2 with hop-limit 1 on EC2 hosts running Medplum and apply egress firewall rules that block the worker from reaching RFC1918 ranges, 169.254.0.0/16 (link-local/metadata), and internal service CIDRs - be aware this will also break any legitimate subscriptions pointing at private webhook receivers and may require an allow-list. Audit existing Subscription resources for suspicious endpoint URLs and rotate any IAM credentials that were reachable from the Medplum worker before patching.

Share

CVE-2026-49120 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy