8.8
/ 10
HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Description
An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.
AI Analysis
Path traversal vulnerability allowing unauthenticated attackers to read worklist records from outside the intended storage area
Basic Information
ID
CVE-2026-52868
Source
icscert
Published
Jun 30, 2026 at 21:06
Affected Product
Vendor
OFFIS DICOM
Product
DCMTK Toolkit
Affected Versions
OFFIS DICOM DCMTK Toolkit 0
CWE Classification
AI Assessment
AI Score
8.8 / 10
AI Severity
High
Vendor
OFFIS DICOM
Product
DCMTK Toolkit