CVE-2026-50003
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.
Risk Assessment
The risk involves potential overwriting or creation of files in arbitrary filesystem locations, which could lead to data integrity compromise, privilege escalation, or further system compromise.
Recommendation
Update the DCMTK library to a version that includes a fix preventing file writes outside the allowed output directory and implement path validation on the client side.
Original NVD description (English source)
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.

