PatchSiren

hapifhir CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH hapifhir CVE published 2026-03-20

CVE-2026-33180

CVE-2026-33180 is a high-severity vulnerability in HAPI FHIR, a Java implementation of the HL7 FHIR standard for healthcare interoperability. The issue arises from the internal HTTP client sending headers to subsequent hosts when following redirects, potentially exposing sensitive information. This vulnerability has been patched in release 6.9.0. Users are advised to update to the latest version to mitiga [truncated]