A series of critical security flaws has been uncovered in Orthanc, the popular open-source “lightweight Digital Imaging and Communications in Medicine (DICOM) server used to store, process, and retrieve medical imaging data in healthcare environments”. The CERT/CC vulnerability note that documents the discovery identifies nine distinct weaknesses in version 1.12.10 and earlier that could allow attackers to disrupt hospital operations or even seize control of medical data servers.
The vulnerabilities span a dangerous range of technical failures, primarily affecting image decoding and HTTP request handling.
Attackers can weaponize metadata to cripple a server’s memory. One flaw, CVE-2026-5438, is a “gzip decompression bomb” where the server “allocates memory based on attacker-controlled compression metadata,” allowing a small payload to exhaust system memory. Similarly, CVE-2026-5440 exploits the “unbounded use of the Content-Length header,” where a crafted request of approximately 4 GB can trigger immediate server termination.
The decoding of specialized image formats is another high-risk area. CVE-2026-5442 and CVE-2026-5443 involve heap buffer overflows triggered by integer overflows during image dimension calculations.
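The three failure classes just described (allocation sized from attacker-controlled gzip metadata, an unbounded Content-Length, and wrapping dimension arithmetic) each have the same remedy: bound the value before it sizes a buffer. The following is an added Python example written for this article, not Orthanc code; the function names and the default limits are assumptions, and the gzip "bomb" is a constructed sample.

```python
import gzip
import zlib

class RejectedRequest(Exception):
    """Raised when an input fails a bound check; the caller answers 400/413."""

def check_content_length(headers: dict, limit: int = 64 << 20) -> int:
    """Validate Content-Length before any buffer is sized from it (limit is assumed)."""
    raw = headers.get("Content-Length")
    if raw is None or not raw.isdigit():
        raise RejectedRequest("missing or malformed Content-Length")
    if int(raw) > limit:
        raise RejectedRequest(f"Content-Length {raw} exceeds {limit}")
    return int(raw)

def trailer_isize(blob: bytes) -> int:
    """gzip ISIZE trailer: attacker-controlled, so never size an allocation from it."""
    return int.from_bytes(blob[-4:], "little")

def bounded_gunzip(blob: bytes, limit: int = 256 << 20) -> bytes:
    """Inflate in chunks and abort as soon as the output exceeds the limit."""
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16+ selects gzip framing
    out, pending = bytearray(), blob
    while pending:
        out += inflater.decompress(pending, 64 * 1024)  # at most 64 KiB per step
        if len(out) > limit:
            raise RejectedRequest("decompressed data exceeds limit")
        pending = inflater.unconsumed_tail
    out += inflater.flush()
    if len(out) > limit or not inflater.eof:
        raise RejectedRequest("decompressed data exceeds limit or stream truncated")
    return bytes(out)

def constructed_bomb(inflated_size: int = 8 << 20) -> bytes:
    """Constructed sample: a few KiB of gzip that inflate to inflated_size zero bytes."""
    return gzip.compress(b"\x00" * inflated_size)

def wrapped_u32_frame_bytes(width: int, height: int, bpp: int) -> int:
    """What unchecked uint32_t arithmetic yields: the product silently wraps."""
    return (width * height * bpp) & 0xFFFFFFFF

def checked_frame_bytes(width: int, height: int, bpp: int, limit: int = 512 << 20) -> int:
    """Bound each dimension and the product before allocating the pixel buffer."""
    if min(width, height, bpp) <= 0 or max(width, height) > 0xFFFF:
        raise RejectedRequest("invalid image dimensions")
    size = width * height * bpp  # Python ints do not wrap, so this is exact
    if size > limit:
        raise RejectedRequest(f"frame of {size} bytes exceeds {limit}")
    return size
```

A 65536 x 65536 single-byte frame wraps to a zero-byte allocation in 32-bit arithmetic, which is the precondition for the overflow the decoder then writes into; the checked version refuses it outright.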
The technical impact of these flaws is far-reaching. Researchers warned that “the most severe issues are heap-based buffer overflows in image parsing and decoding logic, which can crash the Orthanc process and may, under certain conditions, provide a pathway to remote code execution (RCE)”.
Perhaps most concerning for healthcare providers is the potential for information disclosure. “Several additional flaws permit out-of-bounds reads that can expose heap-resident data, including allocator metadata, internal identifiers, points, and portions of adjacent DICOM content through rendered image output”. This means a malicious file could trick the server into embedding private system data directly into a viewable medical image.
Unlike some attacks that end once a server is rebooted, these flaws can have a lasting presence. The advisory notes that “some of the affected code paths may also allow malicious DICOM content to be stored and later re-triggered during normal processing, increasing the persistence and operational impact of exploitation”.
The Orthanc development team has acted swiftly to address these gaps. To secure your medical imaging infrastructure, administrators are urged to take the following steps:
- Upgrade Immediately: “Orthanc has released version 1.12.11 to address these vulnerabilities, and users are strongly encouraged to upgrade as soon as possible”.
- Review Access Control: Administrators should “limit exposure of upload and image processing functionality to trusted users and networks wherever possible”.
- Audit Configurations: It is recommended to consult official “Orthanc documentation and release notes for patching and deployment guidance”.