Cyber Resilience

CVE-2026-5445

Critical

Published: 09 April 2026

Modified: 14 April 2026
KEV Added: (not listed)
Patch: (see references)
CVSS Score (v3.1): 9.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score: 0.0067 (47.0th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-5445 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability in Orthanc-Server Orthanc. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 47.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-5445 is an out-of-bounds read vulnerability (CWE-125) in the DecodeLookupTable function within DicomImageDecoder.cpp, part of the DICOM image processing code in the Orthanc server. The issue arises in the lookup-table decoding logic for PALETTE COLOR images, where pixel indices are not validated against the lookup table size before being used as offsets into the table. Processing a crafted image whose indices exceed the palette size results in reads beyond the allocated lookup table memory, so that heap contents end up in the decoded output image. Published on 2026-04-09, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. By supplying a PALETTE COLOR DICOM image containing oversized pixel indices, an attacker can trigger the out-of-bounds read, leaking heap data into the processed output image, and can potentially cause a denial of service if the out-of-range read reaches unmapped memory and crashes the application.
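The check that the description above says is missing, written out as an added example in the defender's direction (this is not Orthanc's DecodeLookupTable and not code from the page; the PaletteChannel type, the function names and the sample palette are this example's own constructions). Every pixel index is validated against the table size, and the first-mapped-value offset from the palette descriptor is handled, before any table read happens:

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Constructed model of one channel of a DICOM palette: the table itself and
// the first pixel value that maps to entry 0 (both come from the Palette Color
// Lookup Table Descriptor in a real file). Names are this example's own.
struct PaletteChannel {
    std::vector<uint16_t> table;
    uint16_t firstMapped = 0;
};

// Hardened lookup: every pixel index is checked against the table size before
// it is used, so a crafted image cannot drive reads past the allocation.
// Returns false (leaving `out` empty) if any index falls outside the table;
// a decoder could equally clamp to the first/last entry instead of rejecting.
bool decodePaletteChannel(const std::vector<uint16_t>& pixels,
                          const PaletteChannel& lut,
                          std::vector<uint16_t>& out)
{
    out.clear();
    if (lut.table.empty()) return false;           // descriptor with no entries
    out.reserve(pixels.size());
    for (uint16_t p : pixels) {
        if (p < lut.firstMapped) { out.clear(); return false; }   // below the palette
        size_t idx = static_cast<size_t>(p) - lut.firstMapped;
        if (idx >= lut.table.size()) { out.clear(); return false; } // the missing check
        out.push_back(lut.table[idx]);
    }
    return true;
}

// Convenience wrapper for quick checks: the decoded value at `pos`, or -1 if
// the image was rejected (or `pos` is past the decoded output).
int decodedValueAt(const std::vector<uint16_t>& pixels,
                   const PaletteChannel& lut, size_t pos)
{
    std::vector<uint16_t> out;
    if (!decodePaletteChannel(pixels, lut, out) || pos >= out.size()) return -1;
    return out[pos];
}

int main()
{
    PaletteChannel red{{10, 20, 30, 40}, 2};               // pixel values 2..5 are valid
    std::cout << decodedValueAt({2, 5}, red, 1) << '\n';   // 40
    std::cout << decodedValueAt({2, 6}, red, 1) << '\n';   // -1: index 6 is past the table
    return 0;
}
```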

For mitigation details, refer to advisories including CERT/CC vulnerability note VU#536588 at https://kb.cert.org/vuls/id/536588, the Orthanc server site at https://www.orthanc-server.com/, and https://www.machinespirits.de/.

EU & UK References

Vulnerability details

An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.

CWE(s): CWE-125 Out-of-bounds Read

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability is an unauthenticated remote out-of-bounds read in the public-facing Orthanc DICOM server, directly enabling exploitation of a public-facing application via crafted image submission over the network.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-5437: same product (Orthanc-Server Orthanc)
CVE-2025-0896: same product (Orthanc-Server Orthanc)
CVE-2026-5442: same product (Orthanc-Server Orthanc)
CVE-2026-5441: same product (Orthanc-Server Orthanc)
CVE-2026-5443: same product (Orthanc-Server Orthanc)
CVE-2026-5439: same product (Orthanc-Server Orthanc)
CVE-2026-5444: same product (Orthanc-Server Orthanc)
CVE-2026-5438: same product (Orthanc-Server Orthanc)
CVE-2026-5440: same product (Orthanc-Server Orthanc)
CVE-2026-42799: shared CWE-125

Affected Assets

orthanc-server / orthanc, versions ≤ 1.12.11

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-10 Information Input Validation (prevent)
Requires validation of pixel indices against the lookup table size in PALETTE COLOR DICOM images to directly prevent out-of-bounds memory reads.

SI-16 Memory Protection (prevent)
Implements memory protection mechanisms such as boundary protection to comprehensively mitigate out-of-bounds reads and heap content exposure in the DICOM decoder.

SI-2 Flaw Remediation (prevent)
Mandates timely identification, reporting, and correction of the specific out-of-bounds read flaw in DecodeLookupTable, eliminating the vulnerability through patching.

References