HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical ThreatIntel

Critical Path Traversal and Memory Corruption Vulnerabilities (CVE‑2026‑50003‑2026‑44628) in OFFIS DCMTK Toolkit Threaten Healthcare Imaging Systems

Five CVE‑rated flaws (CVSS 9.8) affect OFFIS DCMTK Toolkit ≤ 3.7.0, enabling file‑write abuse, unauthorized data access, memory exhaustion, and crashes. For healthcare providers, the bugs create a direct risk to patient data and challenge SOC 2 vulnerability‑management controls.

LiveThreat™ Intelligence · 📅 June 30, 2026· 📰 cisa.gov
🔴
Severity
Critical
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
4 recommended
📰
Source
cisa.gov

Critical Path Traversal and Memory Corruption Vulnerabilities (CVE‑2026‑50003, CVE‑2026‑50254, CVE‑2026‑35505, CVE‑2026‑52868, CVE‑2026‑44628) in OFFIS DCMTK Toolkit

What It Is — The OFFIS DCMTK Toolkit (versions ≤ 3.7.0) contains multiple high‑severity flaws: a path‑traversal that lets a malicious server write files outside the intended directory, a type‑confusion bug, and several memory‑release errors that can lead to crashes or data leakage.

Exploitability — All five CVEs have a CVSS v3 base score of 9.8 (Critical). Public proof‑of‑concept code has been observed in the wild, and successful exploitation can be achieved by a compromised DICOM server communicating with a vulnerable client.

Affected Products — OFFIS DCMTK Toolkit ≤ 3.7.0 (used in medical imaging workstations, PACS, and many healthcare‑IT integrations).

Why It Matters for Compliance & Audit Readiness

  • SOC 2 CC6.1 (Risk Management) requires continuous vulnerability identification; a CVSS 9.8 flaw in a core imaging library signals a gap in your vulnerability‑management program.
  • Evidence of timely patching and configuration hardening is a key audit artifact for the Security and Availability principles.
  • Healthcare organizations must demonstrate that they protect patient data (HIPAA, GDPR) – uncontrolled file writes could lead to unauthorized PHI exposure, jeopardizing compliance.

Recommended Actions

  • Inventory every system that runs DCMTK and verify the version.
  • Apply the upstream fix (available in the latest commit snapshot) or upgrade to a version > 3.7.0.
  • Record the remediation in your vulnerability‑management tool and map the fix to SOC 2 CC6.1 and CC7.2 (System Operations).
  • Update your DICOM configuration to enforce strict output directories and disable C‑GET storage mode if not required.

Source: CISA Advisory – OFFIS DCMTK Toolkit

📰 Original Source
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-181-01

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →