CVE Catalog

CVE-2026-52868

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile — higher than 29% of all known CVEs

Summary

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.

Risk Assessment

The risk involves unauthorized access to sensitive patient data or schedules, potentially leading to privacy breaches and non-compliance with regulations like GDPR or HIPAA.

Recommendation

Immediately update the system to a patched version and configure strict access controls for worklist storage directories.

Original NVD description (English source)

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS