Is CVE-2026-5439 actively exploited?

CVE-2026-5439 has no public evidence of in-the-wild exploitation as of 2026-04-15.

What is the CVSS score for CVE-2026-5439?

CVE-2026-5439 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2026-5439?

Patch guidance is available from orthanc-server security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-5439.

Which products are affected by CVE-2026-5439?

1 product: orthanc-server orthanc.

Fix CVE-2026-5439 - HIGH orthanc-server orthanc

Description

A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-770

Metadata

Primary Vendor: ORTHANC-SERVER
Published: 4/9/2026
Last Modified: 4/15/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2026-5439

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary