Skip to main content

Medplum

1 CVEs product

Monthly

CVE-2026-49120 MEDIUM PATCH This Month

Server-side request forgery in Medplum versions prior to 5.1.14 lets authenticated users abuse the FHIR Subscription worker to make the server issue HTTP POST requests to arbitrary internal endpoints. Because the worker delivers full FHIR resource payloads to attacker-chosen URLs, attackers can target cloud instance metadata services (e.g., AWS IMDS), internal databases, and orchestrator APIs to steal IAM credentials and exfiltrate patient health records. No public exploit identified at time of analysis, but a vendor patch and a VulnCheck advisory are available.

SSRF Medplum
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Server-side request forgery in Medplum versions prior to 5.1.14 lets authenticated users abuse the FHIR Subscription worker to make the server issue HTTP POST requests to arbitrary internal endpoints. Because the worker delivers full FHIR resource payloads to attacker-chosen URLs, attackers can target cloud instance metadata services (e.g., AWS IMDS), internal databases, and orchestrator APIs to steal IAM credentials and exfiltrate patient health records. No public exploit identified at time of analysis, but a vendor patch and a VulnCheck advisory are available.

SSRF Medplum
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy