CVE-2026-5445 -- CVSS 9.1 Vulnerability Briefing
CVE-2026-5445 | CVSS 9.1 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-5445 is a critical out-of-bounds read vulnerability in the Orthanc open-source DICOM server, specifically within the DecodeLookupTable function in DicomImageDecoder.cpp, triggered during the processing of PALETTE COLOR DICOM images.
Technical Detail
The flaw exists because the lookup-table decoding logic in DecodeLookupTable does not validate pixel index values before using them to read from the lookup table buffer, allowing a read operation to exceed the allocated memory boundary. An attacker can trigger this condition by supplying a crafted DICOM image file with malformed PALETTE COLOR metadata to any Orthanc instance that processes incoming DICOM data. Depending on memory layout, exploitation could result in information disclosure through exposure of adjacent memory contents, or potentially contribute to a denial-of-service condition if the read causes a process crash.
Exploitation Status
No known exploit exists for this vulnerability at this time. The exploit maturity is assessed as none, and this CVE has not been added to the CISA Known Exploited Vulnerabilities catalog. There is no public proof-of-concept code confirmed as of April 16, 2026.
Who Is Targeting This
No specific threat actor attribution at this time. No campaigns or targeted sectors have been identified in connection with this vulnerability. However, Orthanc is widely deployed in healthcare and medical imaging environments, which are sectors that have historically attracted ransomware operators and data theft actors due to the sensitivity of patient data.
What To Do
Organizations running Orthanc should monitor the official Orthanc project repository and the orthanc-users mailing list for a patched release and apply it as soon as it becomes available, prioritizing internet-facing or network-accessible Orthanc instances. As an interim measure, restrict access to the Orthanc DICOM port (default 4242) and REST API port (default 8042) to trusted hosts only using network-layer controls, and avoid processing DICOM files from untrusted or unverified sources. Security teams should review ingestion pipelines that automatically import DICOM data and consider adding file validation or sandboxing steps upstream of Orthanc. Given the CVSS score of 9.1, this should be treated as a high-priority remediation item even in the absence of confirmed active exploitation.
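The following is an added illustration for this briefing, not Orthanc's code: it models one channel of a PALETTE COLOR lookup table and shows the unchecked index use described under Technical Detail beside a bounds-checked lookup, plus the descriptor-consistency check that is one form of the upstream file validation suggested above. The struct, function names and sample table are constructed assumptions; the clamping rule (values below the first mapped value use entry 0, values beyond the table use the last entry) is the DICOM palette LUT convention.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <utility>
#include <vector>

// Constructed model of one channel of a PALETTE COLOR lookup table. In DICOM
// the descriptor (0028,1101 / 1102 / 1103) gives the number of entries (0 means
// 65536), the first stored pixel value that is mapped, and the bits per entry;
// the table itself is in (0028,1201 / 1202 / 1203). Illustration only, not
// Orthanc's type.
struct PaletteLut {
    uint32_t entries;             // number of entries the descriptor declares
    uint16_t firstMapped;         // first stored pixel value mapped to entry 0
    std::vector<uint16_t> data;   // one output value per entry
};

// Vulnerable pattern (constructed to show the bug class): the stored pixel
// value becomes an index without any check against the table size, so a
// crafted pixel value reads past the end of data. This example only ever
// calls it with an in-range value.
uint16_t LookupUnchecked(const PaletteLut& lut, uint16_t pixel) {
    return lut.data[static_cast<size_t>(pixel) - lut.firstMapped];
}

// Hardened lookup: values below the first mapped value use entry 0, values
// beyond the last entry use the last entry, so no index leaves the buffer.
uint16_t LookupChecked(const PaletteLut& lut, uint16_t pixel) {
    if (lut.data.empty()) {
        throw std::runtime_error("palette LUT has no entries");
    }
    if (pixel <= lut.firstMapped) {
        return lut.data.front();
    }
    const size_t idx = static_cast<size_t>(pixel) - lut.firstMapped;
    if (idx >= lut.data.size()) {
        return lut.data.back();
    }
    return lut.data[idx];
}

// Upstream validation: reject a table whose data is shorter than its
// descriptor declares before any pixel is decoded. Throws on a mismatch;
// otherwise returns a table holding exactly `entries` values.
PaletteLut BuildPalette(uint32_t declaredEntries, uint16_t firstMapped,
                        std::vector<uint16_t> data) {
    const uint32_t entries = (declaredEntries == 0) ? 65536u : declaredEntries;
    if (data.size() < entries) {
        throw std::invalid_argument("palette data shorter than descriptor declares");
    }
    data.resize(entries);
    return PaletteLut{entries, firstMapped, std::move(data)};
}

// Maps a row of stored pixel values through the checked lookup.
std::vector<uint16_t> DecodeRowChecked(const PaletteLut& lut,
                                       const std::vector<uint16_t>& pixels) {
    std::vector<uint16_t> out;
    out.reserve(pixels.size());
    for (uint16_t p : pixels) {
        out.push_back(LookupChecked(lut, p));
    }
    return out;
}

// Constructed sample: a four-entry table whose first mapped value is 2.
PaletteLut SamplePalette() {
    return BuildPalette(4, 2, {10, 20, 30, 40});
}

// True when BuildPalette rejects a descriptor claiming more entries than the
// data holds (the malformed-metadata case this briefing describes).
bool RejectsShortTable() {
    try {
        BuildPalette(8, 0, {1, 2, 3});
    } catch (const std::invalid_argument&) {
        return true;
    }
    return false;
}

int main() {
    const PaletteLut lut = SamplePalette();
    // 0 and 1 sit below firstMapped (2), 3 maps to entry 1, 5 to entry 3,
    // and 60000 is clamped to the last entry instead of indexing past it.
    for (uint16_t v : DecodeRowChecked(lut, {0, 1, 3, 5, 60000})) {
        std::cout << v << ' ';
    }
    std::cout << '\n';
    std::cout << "short table rejected: " << std::boolalpha
              << RejectsShortTable() << '\n';
    return 0;
}
```

The two checks are independent: the descriptor check catches a file whose metadata and table length disagree at ingestion time, and the clamped lookup guarantees that even a table that passes that check cannot be indexed out of bounds by a crafted pixel value.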