CVE-2026-34361 | hapifhir org.hl7.fhir.core up to 6.9.3 Validator HTTP Service /loadIG startsWith file access (GHSA-vr79-8m62-wh98)

A vulnerability classified as problematic was found in hapifhir org.hl7.fhir.core up to 6.9.3. Affected is the function startsWith of the file /loadIG of the component Validator HTTP Service. Such manipulation leads to files or directories accessible.

This vulnerability is uniquely identified as CVE-2026-34361. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More