Impact
The vulnerability arises from an unauthenticated endpoint that makes the validator issue outbound HTTP requests to a URL supplied by the caller (a server-side request forgery). An attacker can supply a URL that the validator will resolve and fetch, so the system issues an HTTP request to an attacker‑controlled address. Because the credential provider selects the authentication token with a startsWith() comparison on the URL string, any URL that merely begins with a configured server's base URL is treated as that server; a malicious hostname that shares a prefix with the legitimate server's hostname therefore tricks the validator into attaching the legitimate server's token to the attacker-bound request. The stolen token may be a bearer token, basic-auth credentials, or an API key, giving the attacker full authorization against the target FHIR server. The resulting impact is disclosure of privileged credentials, which can lead to data breaches, unauthorized data modification, or impersonation of legitimate users.
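The prefix-matching flaw described above, reconstructed as an added example (this is not code from org.hl7.fhir.core, whose implementation is Java; the credential table, hostnames and token value are constructed for illustration). It places the startsWith()-style lookup beside a hardened lookup that parses the URL and requires the scheme, host and port to match exactly, and shows which attacker-shaped URLs each one hands the token to.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed configuration for this example: base URL of a configured FHIR
# server mapped to the token sent to it. Hypothetical values, not from the advisory.
CREDENTIALS = {
    "https://fhir.example.org": "Bearer hypothetical-token-value",
}


def select_token_prefix(target_url: str) -> Optional[str]:
    """Token selection by plain string prefix, the pattern the advisory describes.

    Anything that merely *begins* with the configured base URL is treated as the
    configured server, including other hostnames that share the prefix.
    """
    for base, token in CREDENTIALS.items():
        if target_url.startswith(base):
            return token
    return None


def _origin(url: str) -> Optional[Tuple[str, str, int]]:
    """Normalise a URL to (scheme, host, port); None if it is not a usable http(s) URL."""
    try:
        parts = urlsplit(url)
        port = parts.port  # ValueError on a malformed port such as ':abc'
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return parts.scheme, parts.hostname.lower(), port


def select_token_exact(target_url: str) -> Optional[str]:
    """Hardened selection: the parsed origin must match exactly and the path must
    sit under the configured base path on a '/' boundary."""
    target = _origin(target_url)
    if target is None:
        return None
    target_path = urlsplit(target_url).path or "/"
    for base, token in CREDENTIALS.items():
        if _origin(base) != target:
            continue
        base_path = urlsplit(base).path.rstrip("/")
        if not base_path or target_path == base_path or target_path.startswith(base_path + "/"):
            return token
    return None


# Constructed URLs: the legitimate server plus attacker-style look-alikes.
PROBES = [
    "https://fhir.example.org/Patient/1",               # legitimate
    "https://fhir.example.org.attacker.test/Patient",    # hostname shares the prefix
    "https://fhir.example.org@attacker.test/Patient",    # "prefix" is really userinfo
    "https://fhir.example.org:8443/Patient",             # same host, different port
]


def compare(urls=PROBES):
    """Return {url: (prefix_result, exact_result)} so the leak is visible side by side."""
    return {u: (select_token_prefix(u), select_token_exact(u)) for u in urls}


if __name__ == "__main__":
    for url, (prefix, exact) in compare().items():
        print(f"{url}\n  startsWith(): {prefix}\n  exact origin: {exact}")
```

The userinfo variant is worth noting: a URL such as https://fhir.example.org@attacker.test/ passes a string prefix test even though the host that actually receives the request is attacker.test. Exact origin matching also refuses the same host on a different port or over plain http, which a prefix test on a bare base URL accepts. Origin matching on its own does not protect a client that follows redirects; the hop after a redirect must be re-checked or redirects disabled.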
Affected Systems
The affected component is the org.hl7.fhir.core library (the HL7 FHIR core and validator code base published by the HAPI FHIR project) in all releases before version 6.9.4. Any deployment that exposes the validator's HTTP service is potentially affected; deployments that expose the /loadIG endpoint without authentication on a version older than 6.9.4 are directly exploitable.
Risk and Exploitability
The issue is rated critical with a CVSS score of 9.3. It is fixed in 6.9.4; all earlier public releases are unpatched. No EPSS estimate has been published, and the vulnerability is not listed in CISA’s KEV catalog, but its severity and the absence of any authentication or local-privilege requirement make it attractive to attackers. An unauthenticated remote user can trigger it by sending a crafted request to the /loadIG endpoint that names an attacker‑controlled URL; the server fetches that URL and, because of the prefix-based credential lookup, includes the configured FHIR server's token in the outbound request headers. The only preconditions are network reachability of the vulnerable validator service and an exposed /loadIG endpoint.
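Until a deployment is on 6.9.4, the practical compensating control for the trigger path described above is to refuse to fetch a caller-supplied implementation-guide URL unless its destination is one the validator is meant to talk to. The following is an added example of such a pre-flight check, not code from org.hl7.fhir.core (whose implementation is Java) and not a description of how the fix in 6.9.4 works; the allow-listed hosts and probe URLs are constructed for illustration.

```python
import ipaddress
from typing import Iterable, Optional
from urllib.parse import urlsplit

# Constructed allow-list for this example: hosts the validator is permitted to
# fetch implementation guides from. Hypothetical values.
ALLOWED_IG_HOSTS = frozenset({"packages.fhir.org", "fhir.example.org"})


def ig_url_rejection(url: str,
                     allowed_hosts: Optional[Iterable[str]] = ALLOWED_IG_HOSTS) -> Optional[str]:
    """Return None when the URL may be fetched, otherwise the reason it is refused.

    Structural problems are caught first; the allow-list is an exact hostname
    match, never a prefix or suffix test, so look-alike hostnames do not pass.
    """
    try:
        parts = urlsplit(url)
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return "userinfo in URL"  # e.g. https://trusted.host@attacker.test/
    host = parts.hostname
    if not host:
        return "missing host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name, not an IP literal
    if ip is not None and (ip.is_private or ip.is_loopback or ip.is_link_local
                           or ip.is_reserved or ip.is_unspecified):
        return f"IP literal {host} is not publicly routable"
    if allowed_hosts is not None:
        if host not in {h.lower() for h in allowed_hosts}:
            return f"host {host!r} not in allow-list"
    return None


# Constructed probe URLs of the kinds an attacker might hand to /loadIG.
PROBES = [
    "https://packages.fhir.org/hl7.fhir.us.core/6.1.0",   # allowed
    "http://packages.fhir.org/hl7.fhir.us.core/6.1.0",    # plaintext scheme
    "https://fhir.example.org.attacker.test/ig",          # prefix look-alike host
    "https://fhir.example.org@attacker.test/ig",          # userinfo trick
    "https://169.254.169.254/latest/meta-data",           # cloud metadata address
]


def triage(urls=PROBES):
    """Return {url: rejection reason or None} for a batch of candidate URLs."""
    return {u: ig_url_rejection(u) for u in urls}


if __name__ == "__main__":
    for url, reason in triage().items():
        print(f"{'ALLOW ' if reason is None else 'REJECT'} {url}  {reason or ''}")
```

The IP-literal check only matters when no allow-list is configured, but it is kept unconditional so that a misconfigured empty allow-list does not silently open the internal network. It does not cover a DNS name that resolves to an internal address or changes between check and fetch; that needs the resolver result pinned into the connection, and redirects must be re-validated per hop.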
OpenCVE Enrichment
Github GHSA