Vulnerability Description
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. It affects the functions executeOnReception and executeOnEndOfStudy in the file dcmnet/apps/storescp.cc of the component storescp. Manipulation results in OS command injection. The attack can be carried out remotely. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying the patch is the recommended way to fix this issue.
CVSS Score
7.3 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Offis | Dcmtk | <= 3.7.0 |
Related Weaknesses (CWE)
References
- https://github.com/DCMTK/dcmtk/commit/edbb085e45788dccaf0e64d71534cfca925784b8 (Patch)
- https://machinespirits.com/advisory/2e1627/ (Mitigation, Third Party Advisory)
- https://support.dcmtk.org/redmine/issues/1194 (Issue Tracking, Third Party Advisory)
- https://vuldb.com/submit/786061 (Third Party Advisory, VDB Entry)
- https://vuldb.com/vuln/355486 (Third Party Advisory, VDB Entry)
- https://vuldb.com/vuln/355486/cti (Permissions Required, VDB Entry)
FAQ
What is CVE-2026-5663?
CVE-2026-5663 is a vulnerability with a CVSS score of 7.3 (HIGH). A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performi...
How severe is CVE-2026-5663?
CVE-2026-5663 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-5663?
Check the references section above for vendor advisories and patch information. Affected products include: Offis Dcmtk.