Skip to main content
ZDI-CAN-28734 HIGH 7.7 Overdue Jan 30, 2026

Medplum

Medplum is a healthcare data platform that manages patient records and medical information systems. This high-severity vulnerability (CVSS 7.7) likely allows remote exploitation with limited or no authentication requirements, potentially affecting the confidentiality and integrity of sensitive health data. Security teams should monitor for any exploitation attempts targeting Medplum deployments and prepare patches ahead of the May 30, 2026 vendor deadline.

Advisory Details
Researcher Brandon Evans of TrendAI Zero Day Initiative
Reported January 30, 2026
Deadline May 30, 2026 48d overdue

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy