CVE-2026-5663 — Command Injection in Dcmtk

CWE-77 — Command Injection CWE-78 — OS Command Injection513 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

1.8%

top 17.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Offis Dcmtk Debian Dcmtk

Timeline

PublishedApr 6

Description

A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5offis/dcmtk8 versions+7

▶debiandebian/dcmtk

🔴Vulnerability Details

OSV

CVE-2026-5663: A security flaw has been discovered in OFFIS DCMTK up to 3↗2026-04-06

▶

GHSA

GHSA-c42x-qh72-7h87: A security flaw has been discovered in OFFIS DCMTK up to 3↗2026-04-06

▶

📋Vendor Advisories

Debian

CVE-2026-5663: dcmtk - A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the...↗2026

▶

🕵️Threat Intelligence

506

Wiz

CVE-2026-2369 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-33691 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-67477 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2018-25223 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2023-54279 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-5663 dcmtk: OS command injection via a crafted DICOM C-STORE request [fedora-all]↗2026-04-06

▶

Bugzilla

CVE-2026-5663 DCMTK: OS command injection via a crafted DICOM C-STORE request↗2026-04-06

▶

Bugzilla

CVE-2026-5663 dcmtk: OS command injection via a crafted DICOM C-STORE request [epel-all]↗2026-04-06

▶