CVE-2026-5663

EUVD-2026-19243
Severity: MEDIUM 6.9 (CVSS 4.0)
2026-04-06 VulDB

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Apr 06, 2026 - 14:30 (vuln.today)
EUVD ID Assigned: Apr 06, 2026 - 14:30 (euvd), EUVD-2026-19243
Patch Released: Apr 06, 2026 - 14:30 (nvd), patch available
CVE Published: Apr 06, 2026 - 14:15 (nvd), MEDIUM 6.9

Description

A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. It affects the functions executeOnReception and executeOnEndOfStudy in the file dcmnet/apps/storescp.cc of the storescp component. The manipulation results in OS command injection. The attack can be carried out remotely. The patch is identified as edbb085e45788dccaf0e64d71534cfca925784b8. Applying the patch is the recommended way to fix this issue.

Analysis

OS command injection in OFFIS DCMTK's storescp utility (versions up to 3.7.0) allows unauthenticated remote attackers to execute arbitrary system commands via crafted DICOM network operations. The vulnerability resides in the executeOnReception and executeOnEndOfStudy functions within dcmnet/apps/storescp.cc. …


Remediation

Within 24 hours: inventory all systems running OFFIS DCMTK storescp and identify current version numbers. Within 7 days: apply vendor patch (commit edbb085e45788dccaf0e64d71534cfca925784b8) to all affected systems and validate patching through version verification. …


Priority Score

34
KEV: 0
EPSS: +0.8
CVSS: +34
POC: 0
