CVE-2026-56445 - CERT CVE
ID CVE-2026-56445
Sažetak The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths.
Reference
CVSS
Base: 9.1
Impact: 5.2
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE HIGH HIGH
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Zadnje važnije ažuriranje 26-06-2026 - 20:08
Objavljeno 25-06-2026 - 21:16