Orthanc DICOM Vulnerabilities Expose Healthcare Systems to Security Risks
Nine vulnerabilities have been identified in the Orthanc DICOM server, an open-source tool widely used in healthcare and medical research for storing and managing medical images. Tracked as CVE-2026-5437 through CVE-2026-5445, they allow attackers to crash the server, leak data, and in the worst case execute arbitrary code remotely. The root causes are insufficient validation of image metadata, missing bounds checks, and unsafe arithmetic on attacker-controlled values. The most severe issues are heap-based buffer overflows in the image parsing and decoding logic, which can crash the server and may be leveraged for remote code execution. Users running Orthanc 1.12.10 or earlier should update to 1.12.11, which fixes all nine issues; the running version can be confirmed from the server's REST `GET /system` endpoint, which reports it in the `Version` field.
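As an added illustration (this is not Orthanc's code and not the patched logic), the following C sketch shows the bug class the advisory describes: a pixel-buffer size derived from untrusted header fields with unchecked 32-bit multiplication, next to a version that checks every multiplication for wrap and compares the result against both the declared and the actually received payload length. The header fields, the accepted value ranges and the sample inputs are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed header modelled on the DICOM image-pixel attributes Rows,
 * Columns, Samples per Pixel and Bits Allocated, plus the declared length of
 * the Pixel Data element. Not Orthanc's data structures. */
typedef struct {
    uint16_t rows;
    uint16_t columns;
    uint16_t samples_per_pixel;
    uint16_t bits_allocated;
    uint32_t pixel_data_length;
} pixel_header_t;

static pixel_header_t make_header(uint16_t rows, uint16_t columns,
                                  uint16_t spp, uint16_t bits, uint32_t len) {
    pixel_header_t h = { rows, columns, spp, bits, len };
    return h;
}

/* Vulnerable pattern: the frame size is computed in 32-bit arithmetic
 * straight from attacker-controlled fields. 32768 x 32768 x 1 sample x 4
 * bytes is exactly 2^32, which wraps to 0, so a decoder that does
 * malloc(size) and then copies pixel_data_length bytes writes far past the
 * end of the heap block. */
static uint32_t unchecked_frame_size(const pixel_header_t *h) {
    uint32_t bytes_per_sample = h->bits_allocated / 8;
    return (uint32_t)h->rows * h->columns * h->samples_per_pixel * bytes_per_sample;
}

/* Multiply two uint32 values, reporting wrap instead of silently truncating. */
static bool mul_u32_checked(uint32_t a, uint32_t b, uint32_t *out) {
    if (a != 0 && b > UINT32_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Hardened pattern: validate each field against the values this toy decoder
 * supports (a constructed policy, not DICOM's full rule set), check every
 * multiplication for wrap, and refuse headers whose computed size exceeds the
 * declared Pixel Data length. */
static bool checked_frame_size(const pixel_header_t *h, uint32_t *out) {
    if (h->rows == 0 || h->columns == 0) return false;
    if (h->samples_per_pixel != 1 && h->samples_per_pixel != 3) return false;
    if (h->bits_allocated != 8 && h->bits_allocated != 16 && h->bits_allocated != 32) return false;

    uint32_t size;
    if (!mul_u32_checked(h->rows, h->columns, &size)) return false;
    if (!mul_u32_checked(size, h->samples_per_pixel, &size)) return false;
    if (!mul_u32_checked(size, h->bits_allocated / 8u, &size)) return false;
    if (size > h->pixel_data_length) return false;
    *out = size;
    return true;
}

/* Decode only after the size survives validation and the buffer actually
 * received is at least that long (a header may declare more than arrived).
 * Returns a malloc'd frame or NULL; the caller frees it. */
static uint8_t *decode_frame(const pixel_header_t *h, const uint8_t *data,
                             size_t data_len, uint32_t *out_len) {
    uint32_t need;
    if (!checked_frame_size(h, &need) || data_len < need) return NULL;
    uint8_t *frame = malloc(need);
    if (frame == NULL) return NULL;
    memcpy(frame, data, need);
    *out_len = need;
    return frame;
}

/* Runs the constructed cases; returns 0 when every check behaves as expected. */
static int demo(void) {
    /* 2^30 pixels x 4 bytes wraps to 0 in 32-bit arithmetic. */
    pixel_header_t wrap = make_header(32768, 32768, 1, 32, 64);
    /* Arithmetic is fine, but the header declares fewer bytes than it needs. */
    pixel_header_t short_decl = make_header(2, 2, 1, 8, 2);
    /* Honest 2x2 8-bit grayscale frame with constructed sample pixels. */
    pixel_header_t good = make_header(2, 2, 1, 8, 4);
    const uint8_t pixels[4] = { 0x10, 0x20, 0x30, 0x40 };
    uint32_t n = 0;

    if (unchecked_frame_size(&wrap) != 0) return 1;           /* the bug */
    if (checked_frame_size(&wrap, &n)) return 2;              /* must be rejected */
    if (checked_frame_size(&short_decl, &n)) return 3;
    if (decode_frame(&good, pixels, 2, &n) != NULL) return 4; /* truncated payload */

    uint8_t *frame = decode_frame(&good, pixels, sizeof pixels, &n);
    if (frame == NULL || n != 4 || memcmp(frame, pixels, 4) != 0) return 5;
    free(frame);
    return 0;
}

int main(void) {
    int rc = demo();
    printf("%s\n", rc == 0 ? "all checks behaved as expected" : "unexpected result");
    return rc;
}
```

The two size functions differ only in where they fail: the unchecked one returns a plausible-looking small number that a later `memcpy` overruns, while the checked one refuses the header before any allocation happens, which is the behaviour a hardened decoder should have regardless of which metadata field the attacker controls.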