securityonline.info 7/4/2026, 3:11:31 AM · external

CISA warns of DCMTK flaw allowing attackers to write files

CyberSIXT Evidence Panel
Primary Source: cisa.gov
CISA KEV: Not in KEV
Patch: Patch Status Unknown

CISA issued an advisory on June 30, 2026, regarding five vulnerabilities in the DCMTK toolkit, which is vital for managing DICOM images in medical facilities. The most severe issue (CVE-2026-50003, CVSS 9.8) is a path traversal flaw that allows attackers to write files. Other vulnerabilities include unauthorized exposure of worklist data (CVE-2026-52868, CVSS 8.2) and denial of service caused by memory leaks (CVE-2026-50254, CVSS 7.5).

All vulnerabilities affect OFFIS DCMTK versions 3.7.0 and earlier, prompting a recommendation to update to the latest build and to implement network segmentation as a mitigation.

Article by CyberSIXT