Skip to main content

Dicom Web Viewer Framework

1 CVEs product

Monthly

CVE-2026-12473 HIGH CISA Act Now

Server-side request forgery in the Open Health Imaging Foundation (OHIF) DICOM Web Viewer Framework lets an attacker exfiltrate an authenticated user's OIDC Bearer token by abusing the default-enabled DICOMWebProxy and DICOMJSON data sources, which fetch an attacker-supplied URL without validation while OHIF's global auth service silently attaches the victim's token to the outbound request. Any authenticated user lured into loading a malicious viewer link sends their live credential to an attacker-controlled host, enabling identity takeover against the PACS or backend. No public exploit identified at time of analysis and the issue is not on CISA KEV, but the high-impact token leakage and default-configuration exposure make it a meaningful credential-theft risk.

SSRF Dicom Web Viewer Framework
NVD GitHub
CVSS 4.0
8.3
EPSS
0.2%
EPSS 0% CVSS 8.3
HIGH Act Now

Server-side request forgery in the Open Health Imaging Foundation (OHIF) DICOM Web Viewer Framework lets an attacker exfiltrate an authenticated user's OIDC Bearer token by abusing the default-enabled DICOMWebProxy and DICOMJSON data sources, which fetch an attacker-supplied URL without validation while OHIF's global auth service silently attaches the victim's token to the outbound request. Any authenticated user lured into loading a malicious viewer link sends their live credential to an attacker-controlled host, enabling identity takeover against the PACS or backend. No public exploit identified at time of analysis and the issue is not on CISA KEV, but the high-impact token leakage and default-configuration exposure make it a meaningful credential-theft risk.

SSRF Dicom Web Viewer Framework
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy