A vulnerability categorized as critical has been discovered in hapifhir HAPI FHIR up to 6.9.9. The affected element is the function
saxonTransform of the file org/hl7/fhir/utilities/XsltUtilities.java of the component XsltUtilities. Such manipulation leads to xml external entity reference.
This vulnerability is uniquely identified as CVE-2026-55471. The attack can be launched remotely. No exploit exists.