HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical SSRF in OHIF Viewers DICOM (CVE‑2026‑12473) Enables Clinician Token Theft

A server‑side request forgery flaw in OHIF Viewers DICOM (≤ v3.12.0) lets attackers steal an authenticated clinician’s OIDC token via a crafted link. The issue highlights SOC 2 access‑control gaps and the need for continuous monitoring of token usage.

LiveThreat™ Intelligence · 📅 June 25, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

Critical SSRF in OHIF Viewers DICOM (CVE‑2026‑12473) Enables Clinician Token Theft

What It Is — A server‑side request forgery (SSRF) flaw in the OHIF DICOM Web Viewer Framework (≤ v3.12.0) allows an attacker to supply an arbitrary URL to two default data sources. The viewer automatically appends the authenticated clinician’s OIDC Bearer token to the outbound request, leaking the token to an attacker‑controlled server.

Exploitability — The vulnerability is publicly disclosed, has a CVSS v3.1 base score of 8.2 (High), and a proof‑of‑concept exploit has been demonstrated by CISA. No known widespread exploitation, but the attack path is trivial once a malicious link is delivered to a logged‑in user.

Affected Products — OHIF Viewers DICOM (Open Health Imaging Foundation) — versions ≤ 3.12.0.

Why It Matters for Compliance & Audit Readiness

  • SOC 2 Access Controls – Token leakage reveals gaps in credential handling, segregation of duties, and least‑privilege enforcement that SOC 2 CC6.1 (Logical Access) expects to be documented and monitored.
  • Continuous Evidence – Detecting anomalous token use and logging outbound requests provides audit‑ready evidence of control effectiveness.
  • Defensible Audit Trail – Remediation (patching, configuration hardening) must be captured as evidence of due‑diligence for any third‑party risk assessments or healthcare‑specific compliance (HIPAA, HITRUST).

Recommended Actions

  • Upgrade immediately to OHIF Viewers v3.12.2 or later, which removes the insecure default data sources.
  • Review and harden the viewer’s configuration: disable unused data sources, enforce strict URL validation, and apply a deny‑list for external domains.
  • Restrict OIDC token scope to the minimum required for imaging tasks; rotate tokens regularly.
  • Enable detailed logging of outbound HTTP requests and token usage; integrate logs with a SIEM for continuous monitoring.
  • Update SOC 2 access‑control policies and evidence collection procedures to reflect the new configuration and token‑handling controls.

Source: CISA Advisory – ICSMA‑26‑176‑02

📰 Original Source
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-176-02

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Access is where most audits get tested.

Verisq AI Trust Operations maps incidents like this to your access controls and collects the evidence continuously, keeping your SOC 2 posture defensible.

See where you'd stand with Verisq AI Trust Operations →