CVE-2026-5443 -- CVSS 9.8 Vulnerability Briefing
CVE-2026-5443 | CVSS 9.8 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-5443 is a critical heap buffer overflow vulnerability in Orthanc, the open-source DICOM server developed by Orthanc-Server, triggered during the decoding of PALETTE COLOR DICOM image files.
Technical Detail
The flaw is in the pixel data decoding logic, where the width and height read from the DICOM image header are multiplied using 32-bit arithmetic to compute the size of the pixel buffer. If an attacker supplies sufficiently large width or height values, the product wraps around the 32-bit boundary and the resulting heap allocation is far smaller than the pixel payload that follows. The decoder then writes the full payload into that undersized buffer, overflowing the heap. Whether this yields a process crash or remote code execution depends on the heap layout and on how precisely the attacker controls the data that overflows.
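The size arithmetic described above, as an added example that is not Orthanc's code: the unchecked 32-bit product beside a hardened version that widens before multiplying and bounds the result. Modelling width and height as 32-bit values, folding a bytes-per-pixel factor into the product, and the 1 GiB ceiling MAX_PIXEL_BYTES are assumptions of this example, not details from the advisory. The third case in main() goes a step beyond the briefing: dimensions that fit in 16 bits still wrap once a per-sample factor enters the same 32-bit product.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added illustration of the size arithmetic the briefing describes; this is
 * not Orthanc's code. Width and height are modelled as 32-bit values and a
 * bytes-per-pixel factor is folded into the product: both are assumptions of
 * this example, not details taken from the advisory.
 */

/* Largest pixel buffer this example is willing to decode. A deployment
 * policy value, chosen arbitrarily here (1 GiB). */
#define MAX_PIXEL_BYTES ((uint64_t)1 << 30)

/* Vulnerable pattern: every operand is 32 bits wide, so the product wraps
 * modulo 2^32 (well-defined for unsigned types) before reaching malloc. */
uint32_t unchecked_pixel_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Size the decoder actually needs, computed without truncation. The product
 * of two 32-bit values always fits in 64 bits; callers keep bpp small enough
 * (1..4 in practice) that the final product does too. */
uint64_t needed_pixel_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    return (uint64_t)width * (uint64_t)height * (uint64_t)bpp;
}

/* How far past the end of the wrapped allocation a full-payload copy would
 * write, without performing the write. 0 means the copy stays in bounds. */
uint64_t overflow_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint64_t alloc = unchecked_pixel_bytes(width, height, bpp);
    uint64_t need  = needed_pixel_bytes(width, height, bpp);
    return need > alloc ? need - alloc : 0;
}

/* Hardened computation: widen before multiplying, reject zero dimensions, and
 * bound the intermediate before the second multiplication so the result can
 * neither wrap nor exceed the policy ceiling. Returns the byte count, or 0 on
 * rejection (0 is never a valid answer because zero dimensions are refused). */
uint64_t checked_pixel_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    if (width == 0 || height == 0 || bpp == 0)
        return 0;
    uint64_t n = (uint64_t)width * (uint64_t)height;  /* cannot wrap in 64 bits */
    if (n > MAX_PIXEL_BYTES / bpp)                      /* n * bpp would exceed the cap */
        return 0;
    return n * bpp;                                     /* <= MAX_PIXEL_BYTES, fits size_t */
}

static void report(const char *label, uint32_t w, uint32_t h, uint32_t bpp)
{
    printf("%-26s alloc=%10" PRIu32 " need=%12" PRIu64 " overrun=%12" PRIu64 " %s\n",
           label,
           unchecked_pixel_bytes(w, h, bpp),
           needed_pixel_bytes(w, h, bpp),
           overflow_bytes(w, h, bpp),
           checked_pixel_bytes(w, h, bpp) ? "checked:accept" : "checked:reject");
}

int main(void)
{
    /* Constructed header values; no real DICOM file is parsed here. */
    report("benign 512x512x1",         512u,     512u,     1u);
    report("oversized 65537x65537x1",  0x10001u, 0x10001u, 1u);
    report("16-bit max 65535x65535x2", 65535u,   65535u,   2u);
    return 0;
}
```

Compile with `cc -std=c11 -Wall example.c`. The second case allocates 131073 bytes for a payload of 4295098369, so a full copy runs exactly 2^32 bytes past the end of the buffer; the checked version refuses it before any allocation happens. The ceiling matters as much as the overflow check: without it, the widened computation would happily accept a multi-gigabyte allocation request, which is a denial-of-service vector of its own.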
Exploitation Status
No known exploit exists for this vulnerability at this time. It is not listed in the CISA Known Exploited Vulnerabilities catalog, and no public proof-of-concept code has been confirmed. The vulnerability should nonetheless be treated with urgency given its CVSS score of 9.8 and the straightforward nature of the triggering condition, which requires only a malformed DICOM file submitted to the server.
Who Is Targeting This
No specific threat actor attribution at this time. No campaigns or targeted sectors have been identified in connection with this CVE. Healthcare and medical imaging environments that rely on Orthanc for DICOM storage and routing represent a logical exposure surface, but no confirmed targeting has been observed.
What To Do
Administrators running Orthanc should check the vendor's official release channel and apply any available patch addressing this heap overflow immediately, prioritizing internet-facing or otherwise network-accessible instances. As an interim measure, restrict access to the Orthanc DICOM and REST API endpoints with network-layer controls such as firewall rules or a VPN requirement, so that only trusted hosts and known DICOM peers can submit files. Monitor Orthanc process logs for unexpected crashes or restarts, which may indicate failed exploitation attempts; a successful exploit need not crash the process, so an absence of crashes is not evidence that no attempts were made. Where a crash does occur, preserve the log and the DICOM file that was being processed for analysis. Given the critical CVSS rating and the medical imaging context, patch deployment should not be deferred pending further threat intelligence.