CVE Catalog

CVE-2026-50003

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.

Risk Assessment

The risk involves potential overwriting or creation of files in arbitrary filesystem locations, which could lead to data integrity compromise, privilege escalation, or further system compromise.

Recommendation

Update the DCMTK library to a version that includes a fix preventing file writes outside the allowed output directory and implement path validation on the client side.

Original NVD description (English source)

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS