High severity7.5NVD Advisory· Published Apr 9, 2026· Updated Apr 15, 2026
CVE-2026-5439
CVE-2026-5439
Description
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:*range: <1.12.11
- (no CPE)
Patches
Vulnerability mechanics
References
3- kb.cert.org/vuls/id/536588nvdThird Party AdvisoryVDB Entry
- www.machinespirits.denvdNot Applicable
- www.orthanc-server.comnvdProduct
News mentions
0No linked articles in our index yet.