CVE-2026-5663

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OFFIS DCMTK versions up to 3.7.0

Description A security flaw exists in OFFIS DCMTK up to version 3.7.0. The issue affects the executeOnReception/executeOnEndOfStudy function within the dcmnet/apps/storescp.cc file of the storescp component. Manipulation of this function can lead to OS command injection. Remote exploitation is possible.

Recommendations Apply patch edbb085e45788dccaf0e64d71534cfca925784b8.

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2026-5663

OPENSUSE-SU-2026:10502-1

Affected Products

Dcmtk

CVE-2026-5663

Weakness Enumeration

Related Identifiers

Affected Products

References · 17