Stack-based Buffer Overflow Vulnerability in Orthanc DICOM Server by Orthanc
CVE-2026-10528

4.8MEDIUM

Key Information:

Vendor

Orthanc

Status
Dicom Server
Vendor
CVE Published:
2 June 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-10528?

A security flaw has been identified in the Orthanc DICOM Server, specifically within the DcmItem::read function in the DCMTK Parser component. This vulnerability allows for a stack-based buffer overflow when manipulated, posing a risk during local attacks. The public release of an exploit intensifies the urgency for mitigation. Users are advised to apply the provided patch (bae99026ca97) to resolve this vulnerability and safeguard their systems.

Affected Version(s)

DICOM Server 1.12.0

DICOM Server 1.12.1

DICOM Server 1.12.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-10528 - Proof of Concept

References

https://vuldb.com/vuln/367636
vdb-entrytechnical-description
https://vuldb.com/vuln/367636/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-10528
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

dapickle (VulDB User)
.