Description
An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.
Published: 2026-06-30
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area, allowing cross‑departmental or clinic data exposure, a clear breach of confidentiality. The flaw is a classic path traversal (CWE‑22) that occurs when the toolkit does not properly validate the requested file path before accessing the file system.

Affected Systems

The vulnerability affects the OFFIS DICOM:DCMTK Toolkit. No specific version numbers are provided in the advisory, so all installations are potentially vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 8.8 marks this flaw as high severity, and although an EPSS score is not available, the lack of an EPSS does not change the inherent risk. The vulnerability is not listed in CISA’s KEV catalog, but the path traversal is exploitable over the network through unauthenticated access to the toolkit’s worklist functionality. Because the flaw allows direct file disclosure, a skilled attacker with network connectivity to the DCMTK service can potentially obtain sensitive patient data from other departments.

Generated by OpenCVE AI on June 30, 2026 at 22:21 UTC.

Remediation

Vendor Solution

The maintainer was notified of these vulnerabilities and has provided a fix. The fix is included in the latest commits and can be obtained in the following snapshot: https://github.com/DCMTK/dcmtk/releases/tag/latest

OpenCVE Recommended Actions

  • Apply the latest release version of DCMTK from the official GitHub release, which contains the fix for the path traversal issue.
  • Reconfigure the DCMTK worklist storage directories to explicitly point to the intended per‑AE folder and verify that path validation prevents access to parent directories.
  • Implement network segmentation or firewall rules to limit unauthenticated access to the DCMTK service, reducing the possibility of exploitation while the patch is applied.

Generated by OpenCVE AI on June 30, 2026 at 22:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Description An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.
Title OFFIS DCMTK Toolkit Path Traversal
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-06-30T21:06:36.568Z

Reserved: 2026-06-22T17:03:25.979Z

Link: CVE-2026-52868

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T22:30:06Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')