cbcvebase.
CVE-2026-5437
published 2026-04-09

Priority: P3, 42
CVSS 3.1: 7.5 (high)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.64% (46.1th percentile)

An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | orthanc | | |
| orthanc-server | orthanc | < 1.12.11 | 1.12.11 |
| orthanc | dicom_server | <= 1.12.10 | |