CVE-2026-34360 | hapifhir org.hl7.fhir.core up to 6.9.3 HTTP Endpoint /loadIG server-side request forgery (GHSA-3ww8-jw56-9f5h)

A vulnerability categorized as critical has been discovered in hapifhir org.hl7.fhir.core up to 6.9.3. The impacted element is an unknown function of the file /loadIG of the component HTTP Endpoint. Executing a manipulation can lead to server-side request forgery.

This vulnerability is registered as CVE-2026-34360. It is possible to launch the attack remotely. No exploit is available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More