CVE-2026-5439

Name of the Vulnerable Software and Affected Versions Orthanc (affected versions not specified)

Description A memory exhaustion issue exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and relies on metadata fields indicating the uncompressed size of archived files. An attacker can create a small ZIP archive with a manipulated size value, leading the server to allocate substantial buffers during extraction.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.