Information Exposure in DCMTK byOffis GmbH
CVE-2026-52868

8.8HIGH

Key Information:

Vendor: Offis Dicom
Status: Dcmtk Toolkit
Vendor: CVE Published:; 30 June 2026

🔔 Create Offis Dicom Vulnerability Alert

What is CVE-2026-52868?

An information exposure vulnerability in DCMTK allows unauthorized attackers to read sensitive worklist records from outside the designated per-AE storage area. This issue can compromise data integrity in a multi-area deployment, risking the separation of departmental or clinic data and potentially leading to severe privacy violations. Organizations using this software should ensure that appropriate security measures are in place to prevent unauthorized data access.

Affected Version(s)

DCMTK Toolkit 0 <= 3.7.0

References

https://github.com/DCMTK/dcmtk/releases/tag/latest

https://www.cisa.gov/news-events/ics-medical-advisories/i...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Jun 22, 2026

Credit

Abhinav Agarwal reported this vulnerability to CISA

CVE-2026-52868 Data

JSON