CVE-2026-5440

HIGH 7.5

Memory Exhaustion via Unbounded Content-Length

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.

Vendor	orthanc
Product	dicom server
Published	Apr 9, 2026
Last Updated	Apr 14, 2026

Stay Ahead of the Next One

Get instant alerts for orthanc dicom server

Be the first to know when new high vulnerabilities affecting orthanc dicom server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Orthanc / DICOM Server

0 ≤ 1.12.10

References

NVD ↗ CVE.org ↗ EPSS Data ↗

orthanc-server.com: https://www.orthanc-server.com/ machinespirits.de: https://www.machinespirits.de/ kb.cert.org: https://kb.cert.org/vuls/id/536588