CVE-2026-5663

HIGH 7.3

OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection

CVSS Score

7.3

EPSS Score

0.8%

EPSS Percentile

75th

A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue.

CWE	CWE-78 CWE-77
Vendor	offis
Product	dcmtk
Published	Apr 6, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for offis dcmtk

Be the first to know when new high vulnerabilities affecting offis dcmtk are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

OFFIS / DCMTK

3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/355486 vuldb.com: https://vuldb.com/vuln/355486/cti vuldb.com: https://vuldb.com/submit/786061 machinespirits.com: https://machinespirits.com/advisory/2e1627/ support.dcmtk.org: https://support.dcmtk.org/redmine/issues/1194 github.com: https://github.com/DCMTK/dcmtk/commit/edbb085e45788dccaf0e64d71534cfca925784b8

Credits

Simon Weber (Machine Spirits) Volker Schönefeld (Machine Spirits) 🔍 simon4machinespirits (VulDB User)