Orthanc DICOM Server Vulnerabilities Expose Healthcare Systems to Crashes and Remote Code Execution
Nine security vulnerabilities have been identified in the Orthanc Digital Imaging and Communications in Medicine (DICOM) server, which is widely used in healthcare and medical research for the automated analysis of medical images. These vulnerabilities, tracked from CVE-2026-5437 to CVE-2026-5445, include heap-based buffer overflows, out-of-bounds reads, and memory exhaustion flaws. They can lead to server crashes and data leaks, and could potentially allow attackers to execute arbitrary code remotely. The vulnerabilities were discovered by researchers at Machine Spirits and have been detailed in advisories by the CERT Coordination Center (CERT/CC). Users of Orthanc versions 1.12.10 and earlier are advised to update to version 1.12.11, which addresses these security issues.