Skip to main content

Ziostation2 CVE-2026-40062

| EUVDEUVD-2026-25140 HIGH
Path Traversal (CWE-22)
2026-04-23 jpcert GHSA-8pjf-p5gm-5gq6
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Re-analysis Queued
Apr 24, 2026 - 14:52 vuln.today
cvss_changed
Analysis Generated
Apr 23, 2026 - 06:58 vuln.today
CVSS changed
Apr 23, 2026 - 00:22 NVD
7.5 (HIGH) 8.7 (HIGH)
EUVD ID Assigned
Apr 23, 2026 - 00:15 euvd
EUVD-2026-25140
Analysis Generated
Apr 23, 2026 - 00:15 vuln.today
CVE Published
Apr 23, 2026 - 00:01 nvd
HIGH 8.7

DescriptionCVE.org

A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may get sensitive information on the operating system.

AnalysisAI

Remote unauthenticated attackers can access sensitive operating system files in Ziostation2 medical imaging software v2.9.8.7 and earlier via path traversal, achieving high confidentiality impact. The vulnerability requires no authentication, low attack complexity, and no user interaction (CVSS:4.0 AV:N/AC:L/PR:N/UI:N), making it easily exploitable from the network. While not currently listed in CISA KEV and lacking public exploit code at time of analysis, the trivial exploitation conditions and exposure of medical system data present significant risk to healthcare organizations using affected versions.

Technical ContextAI

Ziostation2 is a medical imaging workstation from ZIOSOFT used in healthcare environments for diagnostic imaging analysis and visualization. This vulnerability stems from CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly known as path traversal or directory traversal. The flaw allows attackers to manipulate file path references-likely through URL parameters, API endpoints, or file access functions-to escape intended directory boundaries and access files outside the application's designated scope. In medical imaging systems, this could expose DICOM files, patient data, configuration files containing credentials, or underlying Windows/Linux operating system files. The affected product is identified by CPE cpe:2.3:a:ziosoft,_inc.:ziostation2, confirming ZIOSOFT Inc. as the vendor.

RemediationAI

Healthcare organizations should immediately contact ZIOSOFT support to obtain and deploy patched versions newer than v2.9.8.7-exact fix version not specified in available advisories but vendor coordination through JPCERT confirms remediation exists. Consult JPCERT advisory JVN00575116 at https://jvn.jp/en/jp/JVN00575116/ for vendor-specific update instructions and patch availability timelines. As interim compensating controls until patching: isolate Ziostation2 systems behind network segmentation with strict firewall rules allowing only authenticated DICOM and workstation traffic from trusted medical networks, blocking all external Internet access; implement web application firewall (WAF) rules to detect and block path traversal patterns in HTTP requests (../, ..\ sequences, URL-encoded variants); enable comprehensive file access auditing to detect unauthorized file retrieval attempts; and review application access logs for suspicious patterns like repeated 404 errors or requests containing directory traversal strings. Note that network isolation may impact remote radiology workflows and requires coordination with clinical operations. WAF rules may generate false positives with legitimate file access patterns requiring tuning. No workaround fully mitigates the vulnerability-patching remains the definitive remediation.

Share

CVE-2026-40062 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy