A vulnerability marked as critical has been reported in Medplum up to 5.1.13 . Affected by this vulnerability is an unknown functionality of the component FHIR Handler . This manipulation causes server-side request forgery. This vulnerability is handled as CVE-2026-49120 . The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.