CVE-2026-56445
Received - Intake
Arbitrary File Write via Unsanitized DICOM Path in qrscp

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: ICS-CERT

Description
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths.
Meta Information
Published: 2026-06-25
Last Modified: 2026-06-25
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-22
Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Executive Summary

The vulnerability exists in the qrscp application's C-STORE handler, which processes DICOM datasets. It uses a specific instance from attacker-supplied DICOM data directly in the os.path.join() function without sanitizing the input. This lack of sanitization allows an attacker to write files to arbitrary paths on the system.
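
The os.path.join() behaviour described above, next to a validated and containment-checked join, as an added example (not qrscp's code or its fix). STORE_DIR, SAFE_NAME, the function names and the sample values are assumptions constructed for illustration; POSIX paths are assumed.

```python
import os
import re

STORE_DIR = "/var/lib/dicom-store"  # hypothetical storage root (assumption)
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")  # assumed filename allowlist

def naive_path(store_dir, value):
    """The flawed pattern: the dataset value goes straight into os.path.join()."""
    return os.path.join(store_dir, value)

def is_inside(store_dir, path):
    """True if path resolves to a location underneath store_dir."""
    root = os.path.realpath(store_dir)
    target = os.path.realpath(path)
    return target != root and os.path.commonpath([root, target]) == root

def safe_path(store_dir, value):
    """Validate the value, join it, then confirm containment before any write."""
    if not isinstance(value, str) or not SAFE_NAME.fullmatch(value):
        raise ValueError("value contains characters outside the allowlist")
    if value in (".", ".."):
        raise ValueError("value is a directory reference")
    path = os.path.join(os.path.realpath(store_dir), value)
    if not is_inside(store_dir, path):
        raise ValueError("resolved path escapes the storage directory")
    return path

if __name__ == "__main__":
    # Constructed sample values standing in for a field of a received dataset.
    samples = ["1.2.826.0.1.3680043.8.498.1", "../../tmp/outside.dcm", "/tmp/outside.dcm"]
    for value in samples:
        joined = naive_path(STORE_DIR, value)
        print(f"{value!r}: naive={joined!r} inside={is_inside(STORE_DIR, joined)}")
        try:
            print("  accepted:", safe_path(STORE_DIR, value))
        except ValueError as exc:
            print("  rejected:", exc)
```

An absolute component makes os.path.join() discard the base directory entirely, which is why rejecting ".." alone is not enough and the resolved path is checked as well.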

Impact Analysis

This vulnerability can allow an attacker to write files to arbitrary locations on the affected system. This can lead to unauthorized file creation or modification, potentially resulting in system compromise, data corruption, or disruption of normal operations.
