Severity:
HIGH RISK
(8.5)
Server-Side Request Forgery (CWE-918) in Medplum FHIR Subscription Worker
CVE-2026-49120
Published:
Status:
Deferred
Summary
Affected Context
Exploit Preconditions
Why This Happens
Potential Impact
General Mitigation Guidance
How Teams Detect Issues Like This
Frequently Asked Questions
Source
NDV
Recent Vulnerabilities
CWE-266;CWE-285
(7.3)
Improper Authorization (CWE-285) in BeikeShop Stripe Plugin Callback
Authorization Bypass Leading to Unauthorized Actions
CWE-20;CWE-1287
(7.3)
Improper Input Validation (CWE-20) in Boost Serialization ≤ 1.91
Remote Attack Surface via Malformed Serialized Data (Potential DoS / Data Integrity Violation)
