CVE-2026-49120 | Medplum up to 5.1.13 FHIR server-side request forgery

A vulnerability marked as critical has been reported in Medplum up to 5.1.13. Affected by this vulnerability is an unknown functionality of the component FHIR Handler. This manipulation causes server-side request forgery.

This vulnerability is handled as CVE-2026-49120. The attack can be initiated remotely. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More