Cyber Posture

CVE-2026-5442

Severity: Critical
Published: 09 April 2026
Modified: 14 April 2026
KEV Added: not listed
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0006 (19.2nd percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-5442 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Orthanc-Server Orthanc. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 19.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog. The low EPSS reflects observed exploitation activity, not difficulty: the CVSS vector (network, low complexity, no privileges, no user interaction) describes a flaw that is reachable by anyone who can send a DICOM instance to the server.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection), alongside SI-2 (Flaw Remediation), i.e. updating to a release later than 1.12.11.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Applying the vendor's fix directly addresses the heap buffer overflow in the DICOM decoder by correcting the VR handling of the dimension fields and the integer overflow in the frame size calculation.

SI-10 Information Input Validation (prevent): Input validation ensures that DICOM dimension fields are accepted only with the expected VR (Unsigned Short) and within its 16-bit range, and that frame sizes are computed with overflow detection, so maliciously large values are rejected before any buffer is sized from them.

SI-16 Memory Protection (mitigate): Mechanisms such as ASLR and DEP/NX raise the cost of turning a heap buffer overflow into code execution during DICOM image decoding, but they do not stop the out-of-bounds write itself, nor the resulting crash (denial of service). They complement patching and input validation rather than replacing them.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Heap buffer overflow in DICOM decoder enables remote unauthenticated network exploitation of public-facing applications (e.g., Orthanc Server) for RCE via malicious images.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.

Deeper analysis

CVE-2026-5442 is a heap buffer overflow vulnerability in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding. The vulnerability is classified under CWE-787 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

The vulnerability can be exploited remotely by unauthenticated attackers over the network, with low attack complexity and no user interaction. Successful exploitation has high impact on confidentiality, integrity, and availability, enabling potential remote code execution or system compromise through a malicious DICOM image. The exposure of a given deployment depends on which paths it uses to ingest DICOM instances from untrusted sources; any such path that is reachable from an untrusted network is an attack surface for this flaw.
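To make the bug class concrete, here is an added example in C (hypothetical code, not Orthanc's own decoder) that models how a DICOM decoder derives a frame buffer size from the header. It places the vulnerable pattern described above (a dimension accepted regardless of VR and multiplied in 32 bits, so the product wraps) beside a hardened version implementing the SI-10 check listed under Mitigating Controls: insist on the expected VR, bound each factor to its legal range, and multiply with overflow detection. The attribute tag numbers in the comments are the standard DICOM ones; the two sample headers are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical model of how a DICOM decoder derives a frame buffer size from
 * header attributes. This is NOT Orthanc code; it only illustrates the bug
 * class in the advisory (UL-encoded dimensions + wrapping 32-bit multiply).
 */

/* Value Representation of an integer attribute as read from the data set. */
enum vr { VR_US, VR_UL, VR_OTHER };

/* An unsigned integer attribute: the VR the file used, plus the decoded value.
 * A conforming US attribute can never exceed 65535, but a UL attribute can. */
typedef struct {
    enum vr  vr;
    uint32_t value;
} uint_attr;

typedef struct {
    uint_attr rows;              /* (0028,0010) Rows, expected VR US      */
    uint_attr columns;           /* (0028,0011) Columns, expected VR US   */
    uint32_t  samples_per_pixel; /* (0028,0002) Samples per Pixel, VR US  */
    uint32_t  bits_allocated;    /* (0028,0100) Bits Allocated, VR US     */
} image_header;

/* Vulnerable pattern: the dimensions are used as parsed, whatever VR carried
 * them, and the product is formed in uint32_t, so it silently wraps. A buffer
 * allocated from this size is then overrun by the real pixel data. */
uint32_t frame_size_unchecked(image_header h)
{
    uint32_t bytes_per_pixel = h.samples_per_pixel * (h.bits_allocated / 8);
    return h.rows.value * h.columns.value * bytes_per_pixel;
}

/* The number of bytes the pixel data really occupies, computed in 64 bits so
 * the shortfall of the unchecked size can be seen. */
uint64_t frame_size_true(image_header h)
{
    uint64_t bytes_per_pixel = (uint64_t)h.samples_per_pixel * (h.bits_allocated / 8);
    return (uint64_t)h.rows.value * h.columns.value * bytes_per_pixel;
}

/* size_t multiply that reports overflow instead of wrapping (portable, no
 * compiler builtins needed). */
static bool mul_size_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Hardened pattern: reject the wrong VR, bound every factor to its legal
 * range, and multiply with overflow detection. Returns 0 on rejection; a
 * valid frame size is never 0. */
size_t frame_size_checked(image_header h)
{
    size_t bytes_per_pixel, pixels, total;

    if (h.rows.vr != VR_US || h.columns.vr != VR_US)
        return 0;                                  /* wrong VR: reject file */
    if (h.rows.value == 0 || h.rows.value > 0xFFFF)
        return 0;                                  /* defence in depth      */
    if (h.columns.value == 0 || h.columns.value > 0xFFFF)
        return 0;
    if (h.samples_per_pixel == 0 || h.samples_per_pixel > 4)
        return 0;                                  /* DICOM uses 1, 3 or 4  */
    if (h.bits_allocated == 0 || h.bits_allocated % 8 != 0 || h.bits_allocated > 64)
        return 0;

    bytes_per_pixel = (size_t)h.samples_per_pixel * (h.bits_allocated / 8);
    if (!mul_size_checked(h.rows.value, h.columns.value, &pixels))
        return 0;
    if (!mul_size_checked(pixels, bytes_per_pixel, &total))
        return 0;
    return total;
}

/* Constructed sample: an ordinary 512x512 RGB image, 8 bits per sample. */
image_header benign_header(void)
{
    image_header h = { { VR_US, 512 }, { VR_US, 512 }, 3, 8 };
    return h;
}

/* Constructed sample: dimensions smuggled in as UL. 65536 x 65537 does not
 * fit in 16 bits and the 32-bit product wraps to 65536, so a 64 KiB buffer
 * would be allocated for roughly 4 GiB of pixel data. */
image_header malicious_header(void)
{
    image_header h = { { VR_UL, 65536 }, { VR_UL, 65537 }, 1, 8 };
    return h;
}

int main(void)
{
    image_header bad = malicious_header(), good = benign_header();
    printf("benign   : unchecked=%u checked=%zu\n",
           frame_size_unchecked(good), frame_size_checked(good));
    printf("malicious: unchecked=%u true=%llu checked=%zu (0 = rejected)\n",
           frame_size_unchecked(bad), (unsigned long long)frame_size_true(bad),
           frame_size_checked(bad));
    return 0;
}
```

The VR check is the primary fix (the standard prescribes US for Rows and Columns); the range and overflow checks stay in place so that a future parser change that stores a wider type cannot reopen the same hole.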

Advisories and mitigation guidance are provided by CERT/CC at https://kb.cert.org/vuls/id/536588, Machine Spirits at https://www.machinespirits.de/, and Orthanc Server at https://www.orthanc-server.com/.

Details

CWE(s): CWE-787 Out-of-bounds Write

Affected Products: orthanc-server / orthanc, versions ≤ 1.12.11

CVEs Like This One

CVE-2026-5443 (same product: Orthanc-Server Orthanc)
CVE-2025-0896 (same product: Orthanc-Server Orthanc)
CVE-2026-5444 (same product: Orthanc-Server Orthanc)
CVE-2026-5445 (same product: Orthanc-Server Orthanc)
CVE-2026-5439 (same product: Orthanc-Server Orthanc)
CVE-2026-5437 (same product: Orthanc-Server Orthanc)
CVE-2026-5441 (same product: Orthanc-Server Orthanc)
CVE-2026-5440 (same product: Orthanc-Server Orthanc)
CVE-2026-5438 (same product: Orthanc-Server Orthanc)
CVE-2026-27703 (shared CWE-787)
