Is CVE-2026-5437 actively exploited?

CVE-2026-5437 has no public evidence of in-the-wild exploitation as of 2026-04-15.

What is the CVSS score for CVE-2026-5437?

CVE-2026-5437 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2026-5437?

Patch guidance is available from orthanc-server security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-5437.

Which products are affected by CVE-2026-5437?

1 product: orthanc-server orthanc.

Fix CVE-2026-5437 - HIGH orthanc-server orthanc

Description

An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-125 · Out-of-bounds Read

Metadata

Primary Vendor: ORTHANC-SERVER
Published: 4/9/2026
Last Modified: 4/15/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2026-5437

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary