CVE-2026-33180: Hapifhir Validationengine Global Security Bypass
Modifying security settings directly on a ValidationEngine instance (e.g., using setSecurityChecks) applies these settings globally because the engine is often cached. This forces relaxed security settings onto per-request validators, bypassing required request-specific security boundaries. Use InstanceValidatorParameters to supply request-specific configura
greprules fetch cve-2026-33180-hapifhir-validationengine-global-security-bypass --engine opengrepDescription
Modifying security settings directly on a ValidationEngine instance (e.g., using setSecurityChecks) applies these settings globally because the engine is often cached. This forces relaxed security settings onto per-request validators, bypassing required request-specific security boundaries. Use InstanceValidatorParameters to supply request-specific configura
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.