FHIR Validator SSRF via /loadIG Leads to Credential Theft
The FHIR Validator HTTP service is vulnerable to server-side request forgery (SSRF) via the `/loadIG` endpoint, enabling attackers to steal authentication tokens by exploiting a prefix-matching flaw in the credential provider.
The FHIR Validator HTTP service is susceptible to a server-side request forgery (SSRF) vulnerability through the unauthenticated /loadIG endpoint. This endpoint, intended for loading Implementation Guides (IGs), can be abused to make outbound HTTP requests to attacker-controlled URLs. The vulnerability stems from a combination of the SSRF and a flaw in how the application handles authentication credentials. Specifically, the ManagedWebAccessUtils.getServer() function uses startsWith() for URL prefix matching when determining whether to attach authentication tokens. An attacker can exploit this by registering a domain that is a prefix of a legitimate FHIR server URL, causing the application to send the server's authentication tokens (Bearer, Basic, API keys) to the attacker's domain. This flaw affects FHIR Validator versions prior to 6.9.4. Successful exploitation leads to credential theft, potentially enabling supply chain attacks and data breaches.
Attack Chain
- The attacker sends a POST request to the
/loadIGendpoint of the FHIR Validator HTTP service. - The POST request contains a JSON body with an
igfield set to an attacker-controlled URL that is a prefix of a legitimate FHIR server URL (e.g.,https://packages.fhir.org.attacker.com/malicious-ig). - The FHIR Validator processes the request and uses
IgLoader.loadIg()to load the IG, triggeringManagedWebAccess.get()to fetch content from the specified URL. ManagedWebAccess.get()creates aSimpleHTTPClientand attaches anauthProvider.- The
authProviderusesstartsWith()to check if the attacker-controlled URL matches the prefix of any configured FHIR server URLs. - Due to the prefix match, the authentication tokens (Bearer, Basic, API keys) associated with the legitimate FHIR server are added to the HTTP request headers.
- The
SimpleHTTPClientsends the HTTP request, including the stolen authentication tokens, to the attacker-controlled server. - The attacker captures the request and extracts the authentication tokens, potentially gaining unauthorized access to FHIR resources or registries.
Impact
Successful exploitation of this SSRF vulnerability allows attackers to steal authentication tokens configured for legitimate FHIR servers. This credential theft can lead to a variety of impacts. First, the stolen credentials can be used to compromise FHIR package registries, potentially enabling supply chain attacks where malicious FHIR packages are distributed to downstream consumers. Second, if the stolen credentials grant access to protected FHIR endpoints, patient health records and other sensitive data could be exposed, leading to data breaches and regulatory consequences. Finally, the compromised validator service can indirectly impact the security of external FHIR registries, package servers and other systems.
Recommendation
- Upgrade to FHIR Validator version 6.9.4 or later to patch CVE-2026-34361 and address the SSRF vulnerability.
- Deploy the Sigma rule
DetectSuspiciousFHIRValidatorLoadIGto monitor for exploitation attempts targeting the/loadIGendpoint. - Implement network monitoring to detect outbound connections from the FHIR Validator to suspicious or unexpected domains, using the IOC
https://packages.fhir.org.attacker.com/malicious-igas a starting point. - Review and harden the configuration of FHIR server authentication within
fhir-settings.json, minimizing the use of URL prefixes and employing more robust authentication mechanisms where possible.
Detection coverage 2
Detect Suspicious FHIR Validator /loadIG SSRF Attempt
highDetects attempts to exploit the FHIR Validator SSRF vulnerability by monitoring POST requests to the `/loadIG` endpoint with suspicious URLs.
Detect FHIR Validator Credential Leak via Outbound Connection
criticalDetects potential credential leakage by monitoring outbound network connections from the FHIR Validator process to suspicious domains.
Detection queries are available on the platform. Get full rules →
Indicators of compromise
1
url
| Type | Value |
|---|---|
| url | https://packages.fhir.org.attacker.com/malicious-ig |