What versions of Orthanc are affected by these DICOM vulnerabilities?

Orthanc 1.12.10 and earlier. Update to 1.12.11 fixes all nine CVEs.

Can Orthanc DICOM vulnerabilities lead to remote code execution?

Heap overflows might enable RCE under specific conditions, per CERT/CC. Crashes and leaks are easier.

How do I protect my Orthanc server from these flaws?

Patch immediately. Firewall HTTP/DICOM ports. Validate all incoming metadata and images. (Word count: 942)

Orthanc DICOM Server Riddled with Nine Nasty Vulnerabilities: Crashes, Leaks, RCE

Everyone figured Orthanc was the safe, lightweight DICOM server for medical imaging. Wrong. Nine vulns just handed attackers crashes, leaks, and a shot at remote code execution.

theAIcatchup Apr 10, 2026 3 min read

Diagram of Orthanc DICOM server vulnerabilities leading to crashes and RCE

⚡ Key Takeaways

Nine Orthanc vulns enable crashes, leaks, potential RCE via poor validation and buffer issues. 𝕏
Affects versions 1.12.10 and earlier; patch to 1.12.11 now. 𝕏
Healthcare imaging systems at risk—history shows attackers love medical targets. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#CERT/CC advisory #DICOM server flaws #Orthanc vulnerabilities #RCE in healthcare

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by SecurityWeek

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Flowise's Perfect-Score Flaw CVE-2025-59528: Attackers Already Inside

Juniper's Junos Nightmare: 36 Holes, a Default Password, and Echoes of 2015

Project Glasswing: AI Unleashes a Vulnerability Storm on Open Source

Marimo's Terminal Shell Cracked Open: CVE-2026-39987 Exploited in Under 10 Hours

Stay in the loop