Skip to main content

Pynetdicom Library

1 CVEs product

Monthly

CVE-2026-56445 HIGH CISA Act Now

Arbitrary file write in the pynetdicom library's qrscp storage SCP application allows a remote, unauthenticated attacker to plant files at attacker-chosen paths on the receiving host. The qrscp C-STORE handler trusts a value taken from an incoming DICOM dataset and passes it into os.path.join() without sanitization, so a crafted instance identifier containing path-traversal sequences escapes the intended storage directory. No public exploit has been identified at time of analysis, but the CVSS 4.0 base score of 8.8 and unauthenticated network reachability make this a high-priority issue for any exposed DICOM endpoint.

Path Traversal Pynetdicom Library
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
EPSS 0% CVSS 8.8
HIGH Act Now

Arbitrary file write in the pynetdicom library's qrscp storage SCP application allows a remote, unauthenticated attacker to plant files at attacker-chosen paths on the receiving host. The qrscp C-STORE handler trusts a value taken from an incoming DICOM dataset and passes it into os.path.join() without sanitization, so a crafted instance identifier containing path-traversal sequences escapes the intended storage directory. No public exploit has been identified at time of analysis, but the CVSS 4.0 base score of 8.8 and unauthenticated network reachability make this a high-priority issue for any exposed DICOM endpoint.

Path Traversal Pynetdicom Library
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy