CVE-2026-55470
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 incompletely patched the DSTU2 module, leaving FHIRPathEngine.matches in org.hl7.fhir.dstu2/utils/FHIRPathEngine.java to call raw String.matchessw...