Dicom Web Viewer Framework
Monthly
Server-side request forgery in the Open Health Imaging Foundation (OHIF) DICOM Web Viewer Framework lets an attacker exfiltrate an authenticated user's OIDC Bearer token by abusing the default-enabled DICOMWebProxy and DICOMJSON data sources, which fetch an attacker-supplied URL without validation while OHIF's global auth service silently attaches the victim's token to the outbound request. Any authenticated user lured into loading a malicious viewer link sends their live credential to an attacker-controlled host, enabling identity takeover against the PACS or backend. No public exploit identified at time of analysis and the issue is not on CISA KEV, but the high-impact token leakage and default-configuration exposure make it a meaningful credential-theft risk.
Server-side request forgery in the Open Health Imaging Foundation (OHIF) DICOM Web Viewer Framework lets an attacker exfiltrate an authenticated user's OIDC Bearer token by abusing the default-enabled DICOMWebProxy and DICOMJSON data sources, which fetch an attacker-supplied URL without validation while OHIF's global auth service silently attaches the victim's token to the outbound request. Any authenticated user lured into loading a malicious viewer link sends their live credential to an attacker-controlled host, enabling identity takeover against the PACS or backend. No public exploit identified at time of analysis and the issue is not on CISA KEV, but the high-impact token leakage and default-configuration exposure make it a meaningful credential-theft risk.