Lucene search
+L

722 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/31 4:56 p.m.1 views

CVE-2026-34359

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured...

7.4CVSS5.8AI score0.00158EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/31 4:56 p.m.5 views

CVE-2026-34359 HAPI FHIR: Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect in HAPI FHIR Core

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured...

7.4CVSS5.8AI score0.00158EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 4:56 p.m.21 views

CVE-2026-34359

Summary: CVE-2026-34359 affects HAPI FHIR Core prior to 6.9.4, where ManagedWebAccessUtils.getServer() used String.startsWith() to map request URLs to configured servers. This enables credential leakage via HTTP redirects to attacker-controlled domains that prefix-match configured URLs (e.g., htt...

9.1CVSS5.8AI score0.00158EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.12 views

HAPI FHIR 代码问题漏洞

HAPI FHIR is an open-source Java-based HL7 FHIR API developed by HAPI FHIR. Versions of HAPI FHIR prior to 6.9.4 contained code vulnerabilities. These vulnerabilities stemmed from the /loadIG endpoint of the FHIR Validator HTTP service, which did not validate the URL provided by the user,...

5.8CVSS5.9AI score0.00235EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

HAPI FHIR 安全漏洞

HAPI FHIR is an open-source Java-based HL7 FHIR API developed by HAPI FHIR. Versions of HAPI FHIR prior to 6.9.4 contained security vulnerabilities; these vulnerabilities were caused by improper URL prefix matching, which could lead to credential exposure...

9.1CVSS5.8AI score0.00158EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

HAPI FHIR 安全漏洞

HAPI FHIR is an open-source Java-based HL7 FHIR API developed by HAPI FHIR. Versions of HAPI FHIR prior to 6.9.4 contained security vulnerabilities. These vulnerabilities stemmed from the FHIR Validator HTTP service exposing unauthenticated /loadIG endpoints, and the credential provider had a fla...

9.3CVSS5.8AI score0.00299EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/03/30 5:24 p.m.8 views

health.matchbox:matchbox-engine (>=4.0.19 <=4.1.0), org.hl7.fhir.publisher:org.hl7.fhir.publisher (>=2.1.0 <=2.2.3) +2 more potentially affected by CVE-2026-34359 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.validation (>=6.8.0 <=6.9.3)

ca.uhn.hapi.fhir:org.hl7.fhir.validation MAVEN version =6.8.0, =4.0.19, =2.1.0, =2.1.0, =2.1.0, =2.2.3 Source cves: CVE-2026-34359, CVE-2026-34361 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855464...

9.3CVSS5.8AI score0.00299EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/03/30 5:24 p.m.7 views

ca.uhn.hapi.fhir:org.hl7.fhir.convertors (>=6.8.0 <=6.9.3), ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (>=6.8.0 <=6.9.3) +12 more potentially affected by CVE-2026-34359 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.8.0 <=6.9.3)

ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =4.0.19, =4.14.6, =2.1.0, =2.1.0, =2.1.0, =2.2.3 Source cves: CVE-2026-34359, CVE-2026-34361 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855298...

9.3CVSS5.8AI score0.00299EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/03/30 5:24 p.m.7 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=8.8.1), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +222 more potentially affected by CVE-2026-34361 via ca.uhn.hapi.fhir:org.hl7.fhir.validation (>=1.0.0 <=6.9.3)

ca.uhn.hapi.fhir:org.hl7.fhir.validation MAVEN version =1.0.0, =4.0.0, =5.6.5, =4.1.0, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =4.0.0, =8.8.1 and more Source cves: CVE-2026-34361 Source advisory: OSV:GHSA-VR79-8M62-WH98...

9.3CVSS5.4AI score0.00299EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/30 5:21 p.m.11 views

au.csiro.pathling:encoders (>=6.2.2 <=9.5.0), au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0) +244 more potentially affected by CVE-2026-34360 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.0.0 <=6.9.3)

ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.0.0, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.8.1 and more Source cves: CVE-2026-34360 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855324...

5.8CVSS5.4AI score0.00235EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/30 5:19 p.m.7 views

io.connectedhealth-idaas:idaas-eventbuilder (=2.3.0) potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.core (=5.1.7)

ca.uhn.hapi.fhir:org.hl7.fhir.core MAVEN version =5.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on ca.uhn.hapi.fhir:org.hl7.fhir.core and may be impacted: - io.connectedhealth-idaas:idaas-eventbuilder =2.3.0 Source cves: CVE-2026-34359 Source...

9.1CVSS5.8AI score0.00158EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/30 5:19 p.m.9 views

au.csiro.pathling:encoders (>=5.1.0 <=9.5.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.2.0) +352 more potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=6.9.3)

ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =8.8.1 and more Source cves: CVE-2026-34359 Source advisory: OSV:GHSA-FGV2-4Q4G-WC35...

9.1CVSS5.4AI score0.00158EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/30 5:19 p.m.13 views

au.csiro.pathling:encoders (>=8.0.0 <=9.5.0), au.csiro.pathling:fhirpath (>=8.0.0 <=9.5.0) +164 more potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.4.1 <=6.9.3)

ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.4.1, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.8.1 and more Source cves: CVE-2026-34359 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855257...

9.1CVSS5.4AI score0.00158EPSS
Exploits1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/30 12:0 a.m.10 views

HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect

ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured server URLs e.g., http://tx.fhir.org lack a trailing slash or host boundary check, an attacker-controlled domain like...

9.1CVSS5.9AI score0.00158EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/23 10:53 a.m.13 views

CVE-2026-33180

A flaw was found in HAPI FHIR, a Java implementation of the HL7 FHIR standard. When the internal HTTP client follows redirects HTTP 30X response codes, it can inadvertently send sensitive HTTP headers, such as authentication tokens, to unintended third-party hosts. This information disclosure cou...

8.2CVSS5.7AI score0.00264EPSS
Exploits0References4
NVD
NVD
added 2026/03/20 11:16 p.m.4 views

CVE-2026-33180

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

8.2CVSS0.00264EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/20 10:19 p.m.2 views

CVE-2026-33180 HAPI FHIR HTTP authentication leak in redirects

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 10:19 p.m.7 views

CVE-2026-33180

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 10:19 p.m.27 views

CVE-2026-33180 HAPI FHIR HTTP authentication leak in redirects

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

7.5CVSS0.00264EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 10:19 p.m.6 views

CVE-2026-33180 HAPI FHIR HTTP authentication leak in redirects

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

7.5CVSS5.9AI score0.00264EPSS
Exploits0References6
Rows per page
Query Builder