CVE-2026-5663: OS Command Injection in OFFIS DCMTK
CVE-2026-5663 is a medium severity OS command injection vulnerability in OFFIS DCMTK versions up to 3. 7. 0. It affects the executeOnReception and executeOnEndOfStudy functions in the storescp component, allowing remote attackers to inject OS commands. A patch identified by commit edbb085e45788dccaf0e64d71534cfca925784b8 is available to fix this issue. No known exploits in the wild have been reported. Users of affected versions should apply the patch to remediate the vulnerability.
AI Analysis
Technical Summary
This vulnerability exists in the OFFIS DCMTK software up to version 3.7.0, specifically in the storescp component's executeOnReception and executeOnEndOfStudy functions within the dcmnet/apps/storescp.cc file. Improper handling of input allows an attacker to perform OS command injection remotely. The vulnerability has a CVSS 4.0 base score of 6.9 (medium severity) with network attack vector, low complexity, no privileges or user interaction required, and low impact on confidentiality, integrity, and availability. A patch identified by commit edbb085e45788dccaf0e64d71534cfca925784b8 is recommended to fix the issue.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary OS commands on the affected system via the vulnerable functions in the storescp component. This can lead to unauthorized system control or compromise. The CVSS score of 6.9 indicates a medium impact level with potential confidentiality, integrity, and availability impacts rated as low.
Mitigation Recommendations
A patch is available for this vulnerability, identified by commit edbb085e45788dccaf0e64d71534cfca925784b8. Applying this patch is the recommended remediation to fix the OS command injection issue. No vendor advisory content contradicts this; therefore, affected users should update to a patched version of OFFIS DCMTK to mitigate the risk.
CVE-2026-5663: OS Command Injection in OFFIS DCMTK
Description
CVE-2026-5663 is a medium severity OS command injection vulnerability in OFFIS DCMTK versions up to 3. 7. 0. It affects the executeOnReception and executeOnEndOfStudy functions in the storescp component, allowing remote attackers to inject OS commands. A patch identified by commit edbb085e45788dccaf0e64d71534cfca925784b8 is available to fix this issue. No known exploits in the wild have been reported. Users of affected versions should apply the patch to remediate the vulnerability.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability exists in the OFFIS DCMTK software up to version 3.7.0, specifically in the storescp component's executeOnReception and executeOnEndOfStudy functions within the dcmnet/apps/storescp.cc file. Improper handling of input allows an attacker to perform OS command injection remotely. The vulnerability has a CVSS 4.0 base score of 6.9 (medium severity) with network attack vector, low complexity, no privileges or user interaction required, and low impact on confidentiality, integrity, and availability. A patch identified by commit edbb085e45788dccaf0e64d71534cfca925784b8 is recommended to fix the issue.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary OS commands on the affected system via the vulnerable functions in the storescp component. This can lead to unauthorized system control or compromise. The CVSS score of 6.9 indicates a medium impact level with potential confidentiality, integrity, and availability impacts rated as low.
Mitigation Recommendations
A patch is available for this vulnerability, identified by commit edbb085e45788dccaf0e64d71534cfca925784b8. Applying this patch is the recommended remediation to fix the OS command injection issue. No vendor advisory content contradicts this; therefore, affected users should update to a patched version of OFFIS DCMTK to mitigate the risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-06T07:55:05.388Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d3c3860a160ebd92bdb61e
Added to database: 4/6/2026, 2:30:30 PM
Last enriched: 4/6/2026, 2:45:32 PM
Last updated: 4/6/2026, 3:31:37 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.