CVE-2026-5437
Published: 2026-04-09
Priority P3 · 42 · high · CVSS 3.1 base score 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.64% (46.1th percentile)
An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic; the usual shape of such a bug is a length or offset taken from the file being trusted without a comparison against the bytes actually available. Note that the CVSS 3.1 vector rates availability impact as high (A:H) with no confidentiality or integrity impact, so the worst case to plan for is a server crash triggered by an attacker-supplied DICOM file. The fix is in Orthanc 1.12.11.
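The description above says the parser may read beyond the allocated metadata buffer. What follows is an added example, written for this page in C++ and not Orthanc's `DicomStreamReader` nor its patched code, showing what a bounds-checked reader for the DICOM File Meta Information (group 0002) looks like: every length taken from the file is compared with the bytes actually left before anything is copied. It builds two constructed samples, one well-formed and one whose Transfer Syntax element declares 0xFFF0 bytes that are not in the buffer, and shows the second rejected with an error instead of being read past the end. All names (`BoundedReader`, `ParseMetaHeader`, `ReadMeta`, `BuildSample`) and the made-up SOP Instance UID are hypothetical; the SOP Class and Transfer Syntax UIDs are the standard ones.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

// Added example, not Orthanc's DicomStreamReader: a bounds-checked reader for
// the DICOM File Meta Information (group 0002). All names are hypothetical.
// File layout (DICOM PS3.10): 128-byte preamble, "DICM", then group 0002
// elements in Explicit VR Little Endian, the first being (0002,0000) UL
// "File Meta Information Group Length".
namespace dicom_meta {

struct Element { uint16_t group; uint16_t element; std::string vr; std::vector<uint8_t> value; };
using ElementMap = std::map<uint32_t, Element>;  // key = (group << 16) | element

static uint32_t Le32(const uint8_t* p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) | (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}

// Cursor over an immutable buffer. Every read calls Require() first, so a
// length taken from the file can never move a read past the buffer end.
class BoundedReader {
public:
    explicit BoundedReader(const std::vector<uint8_t>& buf) : buf_(buf), pos_(0) {}
    size_t Position() const { return pos_; }
    size_t Remaining() const { return buf_.size() - pos_; }
    void Require(size_t n) const {
        if (n > Remaining())
            throw std::runtime_error("truncated: need " + std::to_string(n) + " bytes at offset " +
                                     std::to_string(pos_) + ", only " + std::to_string(Remaining()) + " left");
    }
    uint16_t PeekU16() const { Require(2); return uint16_t(buf_[pos_] | (buf_[pos_ + 1] << 8)); }
    uint16_t ReadU16() { uint16_t v = PeekU16(); pos_ += 2; return v; }
    uint32_t ReadU32() { Require(4); uint32_t v = Le32(&buf_[pos_]); pos_ += 4; return v; }
    std::vector<uint8_t> ReadBytes(size_t n) {
        Require(n);
        std::vector<uint8_t> out(buf_.begin() + pos_, buf_.begin() + pos_ + n);
        pos_ += n;
        return out;
    }
private:
    const std::vector<uint8_t>& buf_;
    size_t pos_;
};

// VRs whose explicit-VR encoding uses 2 reserved bytes plus a 4-byte length.
static bool HasLongLength(const std::string& vr) {
    static const char* const kLong[] = {"OB","OD","OF","OL","OV","OW","SQ","SV","UC","UN","UR","UT","UV"};
    for (const char* v : kLong) if (vr == v) return true;
    return false;
}

ElementMap ParseMetaHeader(const std::vector<uint8_t>& buf) {
    BoundedReader r(buf);
    r.ReadBytes(128);                                    // preamble (content ignored)
    std::vector<uint8_t> magic = r.ReadBytes(4);
    if (std::memcmp(magic.data(), "DICM", 4) != 0) throw std::runtime_error("missing DICM magic");
    ElementMap out;
    size_t groupEnd = buf.size();                        // tightened once (0002,0000) is read
    while (r.Position() < groupEnd && r.PeekU16() == 0x0002) {
        uint16_t group = r.ReadU16();
        uint16_t element = r.ReadU16();
        std::vector<uint8_t> vrBytes = r.ReadBytes(2);
        std::string vr(vrBytes.begin(), vrBytes.end());
        for (char c : vr) if (c < 'A' || c > 'Z') throw std::runtime_error("invalid VR");
        uint32_t length;
        if (HasLongLength(vr)) { r.ReadU16(); length = r.ReadU32(); } else { length = r.ReadU16(); }
        if (length == 0xFFFFFFFFu) throw std::runtime_error("undefined length is not allowed in the meta header");
        // This ReadBytes() is the check an unchecked reader skips: copying
        // `length` bytes on the file's say-so is how a lying length field
        // becomes an out-of-bounds read.
        Element e{group, element, vr, r.ReadBytes(length)};
        if (r.Position() > groupEnd) throw std::runtime_error("element crosses declared group end");
        if (element == 0x0000) {
            if (vr != "UL" || length != 4) throw std::runtime_error("bad (0002,0000) encoding");
            uint32_t groupLength = Le32(e.value.data());
            if (groupLength > r.Remaining()) throw std::runtime_error("group length exceeds file size");
            groupEnd = r.Position() + groupLength;
        }
        out[(uint32_t(group) << 16) | element] = e;
    }
    if (!out.count(0x00020010u)) throw std::runtime_error("no Transfer Syntax UID (0002,0010)");
    return out;
}

struct MetaResult { bool ok; std::string error; std::string transferSyntax; size_t elements; };

// Exception-free wrapper: a malformed file yields ok=false and the reason.
MetaResult ReadMeta(const std::vector<uint8_t>& buf) {
    MetaResult res{false, "", "", 0};
    try {
        ElementMap m = ParseMetaHeader(buf);
        const std::vector<uint8_t>& ts = m.at(0x00020010u).value;
        res.transferSyntax.assign(ts.begin(), ts.end());
        while (!res.transferSyntax.empty() && res.transferSyntax.back() == '\0') res.transferSyntax.pop_back();
        res.elements = m.size();
        res.ok = true;
    } catch (const std::exception& e) { res.error = e.what(); }
    return res;
}

static void PutU16(std::vector<uint8_t>& b, uint16_t v) { b.push_back(v & 0xFF); b.push_back(v >> 8); }
static void PutU32(std::vector<uint8_t>& b, uint32_t v) { for (int i = 0; i < 4; ++i) b.push_back((v >> (8 * i)) & 0xFF); }
static void PutElement(std::vector<uint8_t>& b, uint16_t el, const char* vr, const std::string& val, uint32_t declared) {
    PutU16(b, 0x0002); PutU16(b, el); b.push_back(vr[0]); b.push_back(vr[1]);
    if (HasLongLength(vr)) { PutU16(b, 0); PutU32(b, declared); } else { PutU16(b, uint16_t(declared)); }
    b.insert(b.end(), val.begin(), val.end());
}

// Constructed sample (not a real study): a minimal, valid meta header. With
// lieAboutLength set, (0002,0010) declares 0xFFF0 bytes although only 20
// follow, the shape of input that drives an unchecked parser past the buffer.
std::vector<uint8_t> BuildSample(bool lieAboutLength) {
    std::vector<uint8_t> body;
    PutElement(body, 0x0001, "OB", std::string("\x00\x01", 2), 2);                        // version
    PutElement(body, 0x0002, "UI", std::string("1.2.840.10008.5.1.4.1.1.7\0", 26), 26);    // SC Image Storage
    PutElement(body, 0x0003, "UI", "1.2.3.4.5.6.7.8.9.10", 20);                            // made-up instance UID
    PutElement(body, 0x0010, "UI", std::string("1.2.840.10008.1.2.1\0", 20), lieAboutLength ? 0xFFF0 : 20);
    std::vector<uint8_t> file(128, 0);
    const char magic[] = "DICM";
    file.insert(file.end(), magic, magic + 4);
    std::vector<uint8_t> len; PutU32(len, uint32_t(body.size()));
    PutElement(file, 0x0000, "UL", std::string(len.begin(), len.end()), 4);                 // group length
    file.insert(file.end(), body.begin(), body.end());
    return file;
}

}  // namespace dicom_meta

int main() {
    for (bool lie : {false, true}) {
        dicom_meta::MetaResult r = dicom_meta::ReadMeta(dicom_meta::BuildSample(lie));
        std::printf("%s sample: %s\n", lie ? "malformed" : "well-formed",
                    r.ok ? ("ok, transfer syntax " + r.transferSyntax).c_str() : r.error.c_str());
    }
    return 0;
}
```

Compile with any C++11 compiler and run: the well-formed sample reports the Explicit VR Little Endian transfer syntax and the malformed one reports `truncated: need 65520 bytes at offset 228, only 20 left`. The point worth carrying into a real code base is that the check lives in the cursor (`Require()`), so it cannot be forgotten at an individual call site; the group-length and declared-group-end checks are the secondary validations a meta-header parser needs on top of that.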
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | orthanc | — | — |
| orthanc-server | orthanc | < 1.12.11 | 1.12.11 |
| orthanc | dicom_server | <= 1.12.10 | — |
Debian
CVE-2026-5437: orthanc (vendor_debian · 2026)
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
GHSA
GHSA-gqwr-8hwp-hh46 (ghsa_unreviewed · 2026-04-09): An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. The advisory text is the same as the description above.
No detection rules found.
No public exploits indexed.
Hackernews
## ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
blogs_hackernews · 2026-04-13 · CVSS 8.6 · [HIGH]
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a full-blown incident response is basically non-existent.
The variety this week is particularly nasty. We have AI models being turned into autonomous exploit engines, North Korean groups playing the long game
Wiz
CVE-2026-5437 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 9.0 · [CRITICAL]). Note that this 9.0 score does not match the 7.5 CVSS 3.1 base score and vector given at the top of this page; 7.5 is the score that follows from the published vector.
## CVE-2026-5437: Linux Debian vulnerability analysis and mitigation
Component: DicomStreamReader
Source: NVD
Published: April 9, 2026
CNA score: N/A
Affected technologies: Linux Debian, Echo
Has public exploit: No
Has CISA KEV exploit: No
CISA KEV release date: N/A
CISA KEV due date: N/A
Exploitation probability (EPSS): N/A
Exploitation probability percentile (EPSS): N/A
Affected packages and libraries: orthanc
Sources: NVD · Debian 11, 12, 13, 14: no fix, added Apr 09, 2026 · Echo: no fix, added Apr 09, 2026