Main Vulnerability Database Exploits ID:12690 - Exploit for Origin validation error in FHIR - CVE-2026-34359

ID:12690 - Exploit for Origin validation error in FHIR - CVE-2026-34359

Published: May 4, 2026

Vulnerability identifier: #VU129395

Vulnerability risk: High

CVE-ID: CVE-2026-34359

CWE-ID: CWE-346

Exploitation vector: Remote access

Vulnerable software:
FHIR

Link to public exploit:

https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-fgv2-4q4g-wc35/#poc

Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper URL prefix matching on HTTP redirect in HAPI FHIR core. A remote attacker can gain access to sensitive information on the system or modify data.

Remediation

Install updates from vendor's website.

ID:12690 - Exploit for Origin validation error in FHIR - CVE-2026-34359

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human