pynetdicom
Unauthenticated Path Traversal in the qrscp C-STORE Handler
pynetdicom's bundled qrscp Query/Retrieve server builds the path it writes each received DICOM dataset to from the dataset's own SOPInstanceUID, with no sanitization. An unauthenticated attacker who can reach the DICOM port sends a C-STORE whose SOPInstanceUID escapes the storage directory and writes an attacker-controlled file to an arbitrary path on the server. All releases up to and including v3.0.4 are affected, and no fixed release is available. The issue is tracked as CVE-2026-56445 and published by CISA as advisory ICSMA-26-176-01.
This advisory contains limited information during coordinated disclosure. Please check back later for full details.
Description
pynetdicom is a widely used pure-Python implementation of the DICOM networking protocol, used both as a library and through its bundled applications. We appreciate the project's long-standing contribution to open DICOM tooling. This advisory concerns the bundled qrscp Query/Retrieve SCP application only; the core library is not affected.
Because no patched release is available yet, we are holding the full technical writeup. The summary above reflects what CISA has published; deeper detail and reproduction will be added here once a fix lands.
Impact
- An unauthenticated remote attacker who can reach the qrscp DICOM port (11112 by default) can write an attacker-controlled file to any path the server process is permitted to write. An arbitrary file write of this kind is commonly escalated to code execution on the host.
Mitigation
No fixed release is available. Restrict the qrscp DICOM port (11112 by default) to trusted peers behind a firewall or VPN, keep it off the public internet, and watch the project for a patched release.
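The defect described above is a filename derived from an untrusted identifier with no sanitization and no containment check. The following is an added example, not pynetdicom's or qrscp's own code, of how a storage handler should derive that path defensively: it contrasts the vulnerable concatenation pattern with a hardened version that first enforces the DICOM UID character set (digits and "." only, at most 64 characters, per PS3.5) and then verifies that the fully resolved path still lies inside the storage root. The function names, the `.dcm` suffix and the sample storage directory are assumptions chosen for the example.

```python
import os
import re
from pathlib import Path

# DICOM UIDs (PS3.5 section 9.1) consist of dot-separated numeric components
# and are at most 64 characters long. Anything else is not a UID and is
# rejected before it can reach the filesystem (so "..", path separators and
# NUL bytes never get that far).
_UID_RE = re.compile(r"^[0-9]+(\.[0-9]+)*$")
_UID_MAX_LEN = 64


class UnsafeStoragePath(ValueError):
    """Raised when a received identifier cannot be mapped to a safe file path."""


def is_valid_uid(uid: str) -> bool:
    """Allow-list check: only digits and dots, numeric components, <= 64 chars."""
    return len(uid) <= _UID_MAX_LEN and _UID_RE.match(uid) is not None


def is_inside(root: str, candidate: str) -> bool:
    """True if the resolved candidate path is strictly inside the resolved root.

    Resolving both sides collapses ".." components and follows symlinks, so a
    path that merely starts with the root string but escapes it is rejected.
    """
    root_p = Path(root).resolve()
    cand_p = Path(candidate).resolve()
    return root_p in cand_p.parents


def naive_storage_path(storage_dir: str, sop_instance_uid: str) -> str:
    """The vulnerable pattern: the attacker-supplied identifier is joined onto
    the storage directory as-is. Kept only to contrast with safe_storage_path."""
    return os.path.join(storage_dir, sop_instance_uid)


def safe_storage_path(storage_dir: str, sop_instance_uid: str) -> Path:
    """Map a SOPInstanceUID to a file inside storage_dir, or raise.

    Two independent controls: (1) the UID allow-list above, and (2) a
    containment check on the resolved absolute path, so that a gap in (1)
    still cannot produce a write outside the storage root.
    """
    if not is_valid_uid(sop_instance_uid):
        raise UnsafeStoragePath(
            f"rejecting non-UID SOPInstanceUID: {sop_instance_uid!r}")
    root = Path(storage_dir).resolve()
    candidate = (root / f"{sop_instance_uid}.dcm").resolve()
    if not is_inside(str(root), str(candidate)):
        raise UnsafeStoragePath(
            f"resolved path {candidate} escapes storage root {root}")
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs: one well-formed UID and one malformed value.
    store = "/tmp/qrscp-store"  # assumed storage directory for the example
    for uid in ("1.2.840.10008.1.1", "../outside"):
        naive = naive_storage_path(store, uid)
        print(f"{uid!r}: naive join -> {naive} (inside root: {is_inside(store, naive)})")
        try:
            print(f"{uid!r}: hardened  -> {safe_storage_path(store, uid)}")
        except UnsafeStoragePath as exc:
            print(f"{uid!r}: hardened  -> rejected: {exc}")
```

The allow-list alone would already stop the traversal, but the containment check is kept as a second, independent control: it is the part that protects against a future change to the filename scheme (a study or series UID, a caller-supplied prefix) that the regular expression no longer covers.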
Who We Are
The security researchers behind this advisory.

Dr. rer. nat. Simon Weber
Senior Pentester & MedSec Researcher
I evaluate your SaMD with the same industry-defining security insight I contributed to the BAK MV for the revision of the B3S standard.
- PhD on Hospital Cybersecurity
- Critical vulnerabilities found in hospital systems
- Alumni of THB MedSec Research Group
- gematik Security Hero

Dipl.-Inf. Volker Schönefeld
Senior Application Security Expert
As a former CTO and developer turned pentester, I work alongside your team to uncover vulnerabilities and find solutions that fit your architecture.
- 20+ years as CTO, 50M+ app downloads
- Architected and secured large-scale IoT fleets
- Certified Web Exploitation Specialist
- gematik Security Hero
Looking for a Penetration Test?
Machine Spirits specializes in security assessments for medical devices and healthcare IT. From MDR penetration testing to C5 cloud compliance, we help MedTech companies meet regulatory requirements.
