Browse all 11 CVE security advisories affecting Orthanc. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Orthanc serves as a lightweight DICOM server for medical imaging, enabling storage and retrieval of radiology data. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues due to insufficient input validation and access controls. The software's exposure to the internet has led to several high-severity incidents, including unauthorized access to sensitive patient data and system compromises. Despite its utility in healthcare environments, the project's security track record shows consistent vulnerabilities, with 11 CVEs documenting issues ranging from authentication bypass to information disclosure. Proper hardening and network segmentation remain critical for secure deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5439 | Memory Exhaustion via Forged ZIP Metadata — DICOM Server | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-5437 | Out-of-Bounds Read in DicomStreamReader — DICOM Server | 9.1 (AI) | Critical (AI) | 2026-04-09 |
| CVE-2026-5438 | Gzip Decompression Bomb via Content-Encoding Header — DICOM Server | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-5440 | Memory Exhaustion via Unbounded Content-Length — DICOM Server | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-5442 | Heap Buffer Overflow in DICOM Image Decoder via VR UL Dimensions — DICOM Server | 9.1 (AI) | Critical (AI) | 2026-04-09 |
| CVE-2026-5443 | Heap Buffer Overflow in DICOM Image Decoder (Palette Color Decode) — DICOM Server | 8.4 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-5445 | Out-of-Bounds Read in DicomImageDecoder (DecodeLookupTable) — DICOM Server | 5.5 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2026-5444 | Heap Buffer Overflow in PAM Image Buffer Allocation — DICOM Server | 7.8 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-5441 | Out-of-Bounds Read in DicomImageDecoder (PMSCT_RLE1 Decompression) — DICOM Server | 8.1 (AI) | High (AI) | 2026-04-09 |
This page lists every published CVE security advisory associated with Orthanc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.