CVE-2026-56445
View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. The following versions of pydicom pynetdicom Library are affected: pynetdicom >=v1.0.0|<v3.0.4 CVSS Vendor Equipment Vulnerabilities v3 9.1 pydicom pydicom pynetdicom Library Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Background Critical Infrastructure Sectors: Healthcare and Public Health Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-56445 The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths. View CVE Details Affected Products pydicom pynetdicom Library Vendor: pydicom Product Version: pydicom pynetdicom: >=v1.0.0|<v3.0.4 Product Status: known_affected Remediations Vendor fix The maintainer of pynetdicom has not responded to requests to work with CISA to mitigate this vulnerability. For update information, refer to the github page https://github.com/pydicom/pynetdicom. https://github.com/pydicom/pynetdicom Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 4.0 8.8 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments Simon Weber and Volker Schönefeld of Machine Spirits UG reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems
CSIRTS triage
- What
- A vulnerability could allow an unauthenticated attacker to write to arbitrary file paths.
- Who is affected
- Users of pydicom pynetdicom Library versions in the specified range.
- Urgency
- Critical urgency due to the potential for arbitrary file writes.
- Action
- Upgrade to pynetdicom version 3.0.4 or later.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-56445
Get an email if CVE-2026-56445 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.43% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 35% of all EPSS-scored CVEs.
Advisory coverage (2)
- criticalCVE-2026-56445: The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM …nvd · 2026-06-25
- criticalpydicom pynetdicom Librarycisa · 2026-06-25
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-56445)