CVE-2025-15581
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
| CWE | CWE-287 |
| Vendor | orthanc-server |
| Product | orthanc |
| Published | Feb 18, 2026 |
| Last Updated | Feb 28, 2026 |
Affected Versions
orthanc-server / orthanc
0 ≤ 1.12.9
References
projectblack.io: https://projectblack.io/blog/orthanc-1-12-9-user-impersonation/#exploitation
discourse.orthanc-server.org: https://discourse.orthanc-server.org/t/orthanc-1-12-10/6326
orthanc.uclouvain.be: https://orthanc.uclouvain.be/bugs/show_bug.cgi?id=252
lists.debian.org: https://lists.debian.org/debian-lts-announce/2026/02/msg00033.html