CVE-2026-50003
OFFIS · DCMTK Toolkit
A path traversal vulnerability in the DCMTK Toolkit allows a malicious server to force a client to write files to arbitrary locations on the host system.
Executive summary
A critical path traversal vulnerability in the OFFIS DCMTK Toolkit allows a malicious or compromised DICOM server to write arbitrary files on the host of a client that retrieves from it, with the privileges of the client process, potentially leading to full system compromise.
Vulnerability
The flaw lies in the bit-preserving C-GET storage mode of the DCMTK client: file names derived from data the server sends during the retrieve are not properly sanitized before the received object is written to disk. A remote attacker who controls the DICOM server the client retrieves from needs no credentials for the client itself, since the client initiates the association; by supplying relative components such as ".." or an absolute path, the attacker can cause the client to write outside its intended output directory.
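As an added illustration, the C++ below contrasts the naive join that produces this kind of traversal with the validation a retrieving client should apply before writing a server-supplied file name. It is example code written for this page, not DCMTK's own implementation; the function names, the output directory and the sample file names are assumptions.

```cpp
// Added example (not DCMTK code): validating a server-supplied file name
// before a retrieving client writes a received object under its output
// directory. Function names, paths and sample names are hypothetical.
#include <filesystem>
#include <iostream>
#include <string>

namespace fs = std::filesystem;

// Vulnerable pattern: trust the server-supplied name and join it with the
// output directory. A name such as "../../etc/cron.d/job" walks out of
// out_dir, and an absolute name such as "/etc/passwd" replaces out_dir
// entirely, because fs::path::operator/ discards the left operand when the
// right operand is absolute.
std::string naive_output_path(const std::string& out_dir, const std::string& name) {
    return (fs::path(out_dir) / name).lexically_normal().string();
}

// Hardened pattern: allow only a single path component drawn from a
// conservative character set, then confirm the normalised result still
// lies beneath out_dir. Returns "" when the name is rejected.
std::string safe_output_path(const std::string& out_dir, const std::string& name) {
    if (name.empty() || name.size() > 255) return "";
    // Separators, drive letters, NUL and control characters all fail the
    // allow-list; there is no deny-list of "bad" sequences to bypass.
    for (unsigned char c : name) {
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        if (!ok) return "";
    }
    // "." and ".." pass the character filter but are not file names.
    if (name == "." || name == "..") return "";
    // Belt and braces: re-derive the path relative to out_dir and make
    // sure it neither escapes nor collapses to the directory itself.
    const fs::path base = fs::path(out_dir).lexically_normal();
    const fs::path candidate = (base / name).lexically_normal();
    const fs::path rel = candidate.lexically_relative(base);
    if (rel.empty() || rel == "." || *rel.begin() == "..") return "";
    return candidate.string();
}

int main() {
    // Constructed inputs: one legitimate name and two traversal attempts.
    const std::string out_dir = "/var/dicom";
    for (const std::string name : {"CT.1.2.3.4.5.dcm", "../../etc/passwd", "/etc/passwd"}) {
        std::cout << "naive: " << naive_output_path(out_dir, name)
                  << " | safe: " << (safe_output_path(out_dir, name).empty()
                                        ? "REJECTED" : safe_output_path(out_dir, name))
                  << '\n';
    }
    return 0;
}
```

The allow-list is the actual control; the lexically_relative check only guards against a future change loosening it. Normalising with lexically_normal is a string operation and does not resolve symlinks, so if the output directory itself may contain attacker-influenced links, the open should additionally use O_NOFOLLOW or an equivalent.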
Business impact
With a CVSS score of 9.8, this vulnerability carries a high risk of remote code execution or system file corruption. The write happens with whatever privileges the DCMTK client process holds; where that process runs as root or as a service account that can write to system binaries, cron directories, shell profiles or application configuration, an attacker can turn the file write into code execution or persistent access, leading to complete loss of confidentiality and integrity of the affected host.
Remediation
Immediate Action: Apply the latest security patches provided by the DCMTK vendor to remediate the path sanitization flaw, and rebuild or update any in-house tools and third-party products that link against the affected DCMTK version.
Proactive Monitoring: Monitor file system activity for file creation or modification outside the client's configured output directory, particularly in sensitive locations such as system binaries, cron directories and configuration paths, while the DCMTK client is in use.
Compensating Controls: Run the DCMTK client with the least privilege necessary, ideally within a containerized environment that restricts file system access to the intended output directory, and until patched limit C-GET retrievals to trusted, authenticated peers, since the attack requires the client to retrieve from a server the attacker controls.
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the severity of this vulnerability, organizations relying on DCMTK for medical imaging or related data transfers must prioritize patching. Failure to update may allow an attacker who controls or has compromised a DICOM server to gain persistent access to any client host that retrieves from it by planting or overwriting local files.