CVE-2026-49120 — Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR — CVE Database · The Intelligence Room