A vulnerability categorized as problematic has been discovered in HAPI FHIR 5.4.0/6.4.0 . This impacts the function FHIRPathEngine.matches . Such manipulation leads to inefficient regular expression complexity. This vulnerability is referenced as CVE-2026-55470 . It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.