CVE-2026-10528
Orthanc DICOM Server DCMTK FromDcmtkBridge.cpp read stack-based overflow
| CVSS Score | 3.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. The issue affects the function DcmItem::read in the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Manipulation results in a stack-based buffer overflow. The attack must be carried out locally. The exploit has been released to the public and may be used for attacks. The patch is named bae99026ca97. Deploying the patch is the recommended fix.
| CWE | CWE-121 CWE-119 |
| Vendor | orthanc |
| Product | dicom server |
| Published | Jun 2, 2026 |
| Last Updated | Jun 2, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | None |
| Availability | Low |
Affected Versions
Orthanc / DICOM Server
1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6, 1.12.7, 1.12.8, 1.12.9, 1.12.10, 1.12.11
References
vuldb.com: https://vuldb.com/vuln/367636
vuldb.com: https://vuldb.com/vuln/367636/cti
vuldb.com: https://vuldb.com/cve/CVE-2026-10528
vuldb.com: https://vuldb.com/submit/820766
orthanc.uclouvain.be: https://orthanc.uclouvain.be/bugs/show_bug.cgi?id=258
orthanc.uclouvain.be: https://orthanc.uclouvain.be/bugs/show_bug.cgi?id=258#c4
orthanc.uclouvain.be: https://orthanc.uclouvain.be/bugs/attachment.cgi?id=150
orthanc.uclouvain.be: https://orthanc.uclouvain.be/hg/orthanc/rev/bae99026ca97
Credits
dapickle (VulDB User)