{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5663", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-06T07:55:05.388Z", "datePublished": "2026-04-06T14:15:11.214Z", "dateUpdated": "2026-04-07T14:06:11.702Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-06T14:15:11.214Z"}, "title": "OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "OS Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}], "affected": [{"vendor": "OFFIS", "product": "DCMTK", "versions": [{"version": "3.0", "status": "affected"}, {"version": "3.1", "status": "affected"}, {"version": "3.2", "status": "affected"}, {"version": "3.3", "status": "affected"}, {"version": "3.4", "status": "affected"}, {"version": "3.5", "status": "affected"}, {"version": "3.6", "status": "affected"}, {"version": "3.7.0", "status": "affected"}], "cpes": ["cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*"], "modules": ["storescp"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2026-04-06T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-06T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-06T10:02:25.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Simon Weber (Machine Spirits)", "type": "finder"}, {"lang": "en", "value": "Volker Sch\u00f6nefeld (Machine Spirits)", "type": "finder"}, {"lang": "en", "value": "simon4machinespirits (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/355486", "name": "VDB-355486 | OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/355486/cti", "name": "VDB-355486 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/786061", "name": "Submit #786061 | OFFIS DCMTK up to 3.7.0 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://machinespirits.com/advisory/2e1627/", "tags": ["related"]}, {"url": "https://support.dcmtk.org/redmine/issues/1194", "tags": ["issue-tracking"]}, {"url": "https://github.com/DCMTK/dcmtk/commit/edbb085e45788dccaf0e64d71534cfca925784b8", "tags": ["patch"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T14:05:40.592545Z", "id": "CVE-2026-5663", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T14:06:11.702Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"tags": ["x_open-source"], "title": "OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection", "credits": [{"lang": "en", "type": "finder", "value": "Simon Weber (Machine Spirits)"}, {"lang": "en", "type": "finder", "value": "Volker Sch\u00f6nefeld (Machine Spirits)"}, {"lang": "en", "type": "reporter", "value": "simon4machinespirits (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*"], "vendor": "OFFIS", "modules": ["storescp"], "product": "DCMTK", "versions": [{"status": "affected", "version": "3.0"}, {"status": "affected", "version": "3.1"}, {"status": "affected", "version": "3.2"}, {"status": "affected", "version": "3.3"}, {"status": "affected", "version": "3.4"}, {"status": "affected", "version": "3.5"}, {"status": "affected", "version": "3.6"}, {"status": "affected", "version": "3.7.0"}]}], "timeline": [{"lang": "en", "time": "2026-04-06T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-06T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-06T10:02:25.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/355486", "name": "VDB-355486 | OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/355486/cti", "name": "VDB-355486 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/786061", "name": "Submit #786061 | OFFIS DCMTK up to 3.7.0 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://machinespirits.com/advisory/2e1627/", "tags": ["related"]}, {"url": "https://support.dcmtk.org/redmine/issues/1194", "tags": ["issue-tracking"]}, {"url": "https://github.com/DCMTK/dcmtk/commit/edbb085e45788dccaf0e64d71534cfca925784b8", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "OS Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-06T14:15:11.214Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5663", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T14:05:40.592545Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-07T14:06:03.815Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-5663", "state": "PUBLISHED", "dateUpdated": "2026-04-06T14:15:11.214Z", "dateReserved": "2026-04-06T07:55:05.388Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-06T14:15:11.214Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF425104-FD2A-47B0-9D06-DC2D40A9F9BC", "versionEndIncluding": "3.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue."}], "id": "CVE-2026-5663", "lastModified": "2026-04-27T18:43:25.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-06T15:17:16.253", "references": [{"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/DCMTK/dcmtk/commit/edbb085e45788dccaf0e64d71534cfca925784b8"}, {"source": "cna@vuldb.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://machinespirits.com/advisory/2e1627/"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://support.dcmtk.org/redmine/issues/1194"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/786061"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/355486"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/vuln/355486/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.7.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "DCMTK", "source": "cna", "vendor": "OFFIS"}, "product": "dcmtk", "vendor": "offis"}], "analysis": {"en": {"generated_at": "2026-04-29T00:34:04.163712+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch provided in commit edbb085e45788dccaf0e64d71534cfca925784b8 to update DCMTK to a fixed version.", "Restart the storescp service to ensure the patched binaries are loaded.", "Restrict or temporarily disable external access to the storescp service until the patch is applied, and monitor logs for any anomalous command execution attempts."], "summary": {"action": "Patch Now", "impact": "Remote OS Command Execution"}, "threat_synthesis": {"affected_systems": "Any installation of OFFIS DCMTK up to and including version\u202f3.7.0 is affected. The vulnerability is confined to the storescp component of the DCMTK package. Users of the DCMTK distribution who run the storescp service are at risk.", "description_and_impact": "The flaw is located in OFFIS DCMTK\u2019s storescp application, specifically within the executeOnReception and executeOnEndOfStudy functions defined in storescp.cc. A attacker can craft input that causes these functions to invoke system commands, leading to OS command injection. This allows remote attackers to run arbitrary commands with the privileges of the running storescp service, effectively giving full control over the host system.", "risk_and_exploitability": "The CVSS base score is\u202f6.9, which indicates moderate severity, while the EPSS shows a probability of less than\u202f1\u202f%, implying a very low likelihood of exploitation at this time. The flaw is not listed in CISA\u2019s KEV catalog. Exploitation requires remote access to the DCMTK storescp service and the ability to supply a specially crafted dataset that triggers the vulnerable function, thereby enabling command execution."}}}}, "created": "2026-04-06T20:14:30.577744+00:00", "updated": "2026-04-29T00:45:26.155139+00:00", "vendors": ["offis", "offis$PRODUCT$dcmtk"]}