CVE-2026-52868
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk29th percentile — higher than 29% of all known CVEs
Summary
An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.
Risk Assessment
The risk involves unauthorized access to sensitive patient data or schedules, potentially leading to privacy breaches and non-compliance with regulations like GDPR or HIPAA.
Recommendation
Immediately update the system to a patched version and configure strict access controls for worklist storage directories.
Original NVD description (English source)
An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.

