CVE-2026-5442 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-5442 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-5442 is a critical heap buffer overflow vulnerability in the DICOM image decoder component of Orthanc, an open-source medical imaging server developed by Orthanc-Server.

Technical Detail

The flaw arises from a type mismatch in how the decoder parses DICOM image dimension attributes. The DICOM standard assigns these attributes the Value Representation (VR) Unsigned Short (US), a 16-bit type (for example Rows (0028,0010) and Columns (0028,0011)), but the decoder reads them as Unsigned Long (UL), a 32-bit type. A specially crafted DICOM file can therefore supply dimension values above 65535, outside the range the rest of the decoding pipeline is designed around, and the decoder ends up writing beyond the bounds of the heap buffer it allocated for the image. Depending on heap layout and the attacker-controlled contents of the file, the outcome ranges from a process crash to remote code execution. Because Orthanc instances are commonly exposed on the network to receive studies from modalities and other DICOM nodes, the vulnerable code path is reachable without local access, and the DICOM C-STORE operation that delivers images carries no authentication of its own.
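The following is an added illustration of the US-versus-UL mismatch, not Orthanc's decoder and not taken from the vulnerable code. It parses single explicit-VR little-endian DICOM elements (the short-form layout used for US and UL values), shows a permissive reader that accepts whatever VR the file declares next to a strict reader that enforces the VR the standard assigns to Rows and Columns, and computes the pixel buffer size with overflow checks. The element bytes, the function names and the tag constants are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical minimal parser for one explicit-VR little-endian DICOM element
 * with a 2-byte length field, the short form used for US and UL values:
 *   group(2) element(2) VR(2) length(2) value(length)
 * Illustrative code only; this is not Orthanc's implementation. */

#define TAG_ROWS    0x00280010u   /* Rows (0028,0010), VR US in the standard */
#define TAG_COLUMNS 0x00280011u   /* Columns (0028,0011), VR US in the standard */

typedef struct {
    uint32_t tag;          /* (group << 16) | element */
    char vr[3];            /* two-character VR, NUL-terminated */
    uint16_t length;       /* declared value length in bytes */
    const uint8_t *value;  /* points into the caller's buffer */
} dicom_element;

static uint16_t rd16le(const uint8_t *p) {
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parses one element from buf. Returns bytes consumed, or 0 if the buffer is
 * too short for the 8-byte header or for the declared value length. */
size_t parse_element(const uint8_t *buf, size_t len, dicom_element *out) {
    if (len < 8) return 0;
    out->tag = ((uint32_t)rd16le(buf) << 16) | rd16le(buf + 2);
    memcpy(out->vr, buf + 4, 2);
    out->vr[2] = '\0';
    out->length = rd16le(buf + 6);
    if (len - 8 < out->length) return 0;   /* declared length overruns the buffer */
    out->value = buf + 8;
    return 8 + (size_t)out->length;
}

/* Permissive reader: trusts the VR the file declares. A file may encode a
 * dimension as UL and have a 32-bit value accepted, which is the class of
 * mismatch the briefing describes. */
bool read_dimension_permissive(const dicom_element *e, uint32_t *dim) {
    if (strcmp(e->vr, "US") == 0 && e->length == 2) { *dim = rd16le(e->value); return true; }
    if (strcmp(e->vr, "UL") == 0 && e->length == 4) { *dim = rd32le(e->value); return true; }
    return false;
}

/* Strict reader: Rows and Columns must carry the VR the standard assigns (US),
 * exactly 2 bytes, and be non-zero. Any other encoding is rejected up front. */
bool read_dimension_strict(const dicom_element *e, uint16_t *dim) {
    if (e->tag != TAG_ROWS && e->tag != TAG_COLUMNS) return false;
    if (strcmp(e->vr, "US") != 0 || e->length != 2) return false;
    *dim = rd16le(e->value);
    return *dim != 0;
}

/* Overflow-checked rows * cols * bytes_per_sample; false on zero or overflow,
 * so an allocation can never be smaller than the copy that follows it. */
bool pixel_buffer_size(uint32_t rows, uint32_t cols, uint32_t bytes_per_sample, size_t *out) {
    if (rows == 0 || cols == 0 || bytes_per_sample == 0) return false;
    if ((size_t)rows > SIZE_MAX / cols) return false;
    size_t pixels = (size_t)rows * cols;
    if (pixels > SIZE_MAX / bytes_per_sample) return false;
    *out = pixels * bytes_per_sample;
    return true;
}

/* Constructed sample elements (not taken from any real DICOM file). */
const uint8_t SAMPLE_ROWS_US[] = { 0x28,0x00, 0x10,0x00, 'U','S', 0x02,0x00,
                                   0x00,0x02 };            /* Rows = 512 */
const uint8_t SAMPLE_ROWS_UL[] = { 0x28,0x00, 0x10,0x00, 'U','L', 0x04,0x00,
                                   0x70,0x11,0x01,0x00 };  /* Rows = 70000 */

int main(void) {
    dicom_element e;
    uint32_t dim32; uint16_t dim16; size_t bytes;

    parse_element(SAMPLE_ROWS_UL, sizeof SAMPLE_ROWS_UL, &e);
    if (read_dimension_permissive(&e, &dim32))
        printf("permissive: Rows=%u; truncated to 16 bits this is %u\n",
               dim32, (unsigned)(uint16_t)dim32);
    printf("strict: %s\n",
           read_dimension_strict(&e, &dim16) ? "accepted" : "rejected (VR is not US)");

    parse_element(SAMPLE_ROWS_US, sizeof SAMPLE_ROWS_US, &e);
    if (read_dimension_strict(&e, &dim16) && pixel_buffer_size(dim16, dim16, 2, &bytes))
        printf("strict: Rows=%u, 2-byte samples -> %zu bytes\n", dim16, bytes);
    return 0;
}
```

The permissive path returns 70000 for the UL-encoded element; any downstream code that sizes a buffer from the 16-bit truncation (4464) while copying the 32-bit count is the kind of disagreement that produces a heap overflow. The strict reader never lets that value in, and the checked multiplication covers the separate case where legitimate 16-bit values still overflow the size computation.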

Exploitation Status

No known exploit exists for this vulnerability at this time. It is not listed in the CISA Known Exploited Vulnerabilities catalog as of April 16, 2026, and no public proof-of-concept code has been confirmed. The CVSS score of 9.8 reflects the flaw's characteristics (network-reachable, low attack complexity, no privileges or user interaction required, high impact on confidentiality, integrity and availability), not observed exploitation activity.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability in available intelligence. Healthcare and medical imaging infrastructure represent a plausible target class given the affected software, but no confirmed targeting has been observed.

What To Do

Apply the fixed release from Orthanc-Server as soon as it is available, prioritizing internet-facing and otherwise network-accessible Orthanc deployments. Until the patch is in place, restrict the DICOM listener (default port 4242) with firewall rules or network segmentation so that only known modalities and gateways can open associations. Orthanc's own configuration can enforce the same boundary: register trusted peers under "DicomModalities", set "DicomCheckModalityHost" to true so that the source address must match the registered entry, and set "DicomAlwaysAllowStore" to false so that unregistered nodes cannot issue C-STORE. Keep in mind that Orthanc also ingests DICOM files through its REST API (default port 8042, POST /instances), so the same access restrictions, HTTP authentication and a reverse proxy that limits who may upload belong on that port as well. Where a DICOM-aware gateway or router sits at the perimeter, have it reject instances whose image dimension attributes carry a VR other than US, since that malformed encoding is what this flaw depends on. Monitor for unexpected crashes or restarts of the Orthanc process and for associations from unregistered AETs or hosts; a crash while receiving an instance from an unexpected peer should be investigated as a possible exploitation attempt. Given the critical CVSS rating and the sensitivity of medical imaging environments, treat this as a high-priority remediation item even in the absence of confirmed active exploitation.
