
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized in…

Published:

1 June 2026 at 22:00:00

Alert date:

2 June 2026 at 21:03:34

Source:

nvd.nist.gov


Web Technologies, Cloud & Virtualization, Data Breach & Exfiltration

Medplum versions before 5.1.14 contain a server-side request forgery (SSRF) vulnerability in the subscription worker component. Authenticated users can exploit this by creating FHIR Subscription resources with malicious endpoint URLs pointing to internal network resources. The vulnerability allows attackers to target cloud metadata services, internal databases, and container orchestration endpoints. Successful exploitation can lead to exfiltration of IAM credentials and patient health records through POST requests containing full FHIR resource payloads. This affects healthcare applications using Medplum for FHIR-based health information exchange.
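The advisory describes an SSRF in which a Subscription's endpoint URL is followed by the worker without regard to where it points. The usual defensive control is an egress check on that URL before any notification is sent: accept only the expected scheme, refuse URL-embedded credentials and localhost names, and refuse any destination whose address falls in a loopback, private, link-local or otherwise non-routable range (the cloud metadata address 169.254.169.254 sits in the link-local range). The following TypeScript is an added example written for this page; it is not Medplum's code and does not use any Medplum API. It assumes an https-only policy and takes a resolver callback (`Resolver`, a hypothetical hook) so that it can be exercised offline with a constructed lookup table; a real deployment would plug in `dns.promises.lookup`.

```typescript
// Added example (not Medplum's own code): an egress allow-check for
// Subscription endpoint URLs, applied before a worker delivers a notification.
import { isIP } from "node:net";

export type Verdict = { allowed: true } | { allowed: false; reason: string };

// Hypothetical resolver hook: hostname -> addresses it resolves to.
// Production code would wrap dns.promises.lookup(host, { all: true });
// the test below injects a constructed table so the check runs offline.
export type Resolver = (host: string) => string[];

function ipv4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, o) => (acc << 8) + Number(o), 0) >>> 0;
}

function inCidr4(ip: string, cidr: string): boolean {
  const [base, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  const mask = bits === 0 ? 0 : (~0 << (32 - bits)) >>> 0;
  return (ipv4ToInt(ip) & mask) === (ipv4ToInt(base) & mask);
}

// Ranges a webhook/subscription worker must never be allowed to reach:
// "this" network, RFC 1918, CGNAT, loopback, link-local (incl. 169.254.169.254),
// multicast and reserved.
const BLOCKED_V4 = [
  "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
  "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
];

export function isBlockedAddress(addr: string): boolean {
  const fam = isIP(addr);
  if (fam === 4) return BLOCKED_V4.some((c) => inCidr4(addr, c));
  if (fam === 6) {
    const a = addr.toLowerCase();
    // IPv4-mapped addresses are re-checked as IPv4, whether written as
    // ::ffff:10.1.2.3 (from a resolver) or ::ffff:a01:203 (WHATWG URL serializer).
    const dotted = a.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
    if (dotted) return isBlockedAddress(String(dotted[1]));
    const hex = a.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
    if (hex) {
      const hi = parseInt(String(hex[1]), 16);
      const lo = parseInt(String(hex[2]), 16);
      return isBlockedAddress(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
    }
    // Unspecified, loopback, link-local and unique-local IPv6.
    return a === "::" || a === "::1" || a.startsWith("fe80:") ||
      a.startsWith("fc") || a.startsWith("fd");
  }
  return true; // not a parseable address at all: refuse rather than guess
}

export function checkEndpoint(raw: string, resolve: Resolver): Verdict {
  let url: URL;
  try {
    url = new URL(raw); // WHATWG parsing also normalises forms like 2130706433 to 127.0.0.1
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { allowed: false, reason: `scheme ${url.protocol} not allowed (assumed https-only policy)` };
  }
  if (url.username || url.password) return { allowed: false, reason: "credentials embedded in URL" };

  let host = url.hostname;
  if (host.startsWith("[") && host.endsWith("]")) host = host.slice(1, -1); // IPv6 literal
  if (host === "" || host === "localhost" || host.endsWith(".localhost")) {
    return { allowed: false, reason: "localhost endpoint" };
  }

  // Literal IPs are checked directly; names are resolved and every answer is checked.
  const addrs = isIP(host) ? [host] : resolve(host);
  if (addrs.length === 0) return { allowed: false, reason: "hostname does not resolve" };
  const bad = addrs.find(isBlockedAddress);
  if (bad) return { allowed: false, reason: `resolves to blocked address ${bad}` };
  return { allowed: true };
}
```

Two points a practitioner would add around this check: run it both when the Subscription resource is created (so the user sees the rejection) and again in the worker immediately before each delivery, and have the worker connect to the address it just validated rather than re-resolving the name, which closes the window for a DNS answer to change between the check and the request. Network-level egress filtering on the worker's host or pod remains the backstop if the application check is ever bypassed.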

Technical details

Mitigation steps:

Affected products:

Medplum

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information obtained from external sources; Perceptive accepts no responsibility for the accuracy, completeness or currency of this information.
