VYPR
Advisory · Published Jun 25, 2026 · 2 sources

CISA Warns of Critical Path Traversal Flaw in pydicom pynetdicom Library Used by Healthcare

CISA disclosed a critical path traversal vulnerability in the open-source pydicom pynetdicom library, allowing unauthenticated remote attackers to write files to arbitrary paths, with a CVSS score of 9.1.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory for a critical vulnerability in the pydicom pynetdicom library, an open-source DICOM networking toolkit widely used in healthcare applications for medical imaging data exchange. The flaw, tracked as CVE-2026-56445, carries a CVSS v3.1 base score of 9.1 (Critical) and affects all versions from 1.0.0 up to, but not including, 3.0.4.

The vulnerability resides in the qrscp (query/retrieve service class provider) application's C-STORE handler. According to the CISA advisory, the handler uses attacker-supplied values from DICOM datasets directly in the os.path.join() function without any sanitization. This allows an unauthenticated attacker to craft a malicious DICOM dataset that, when processed by the qrscp service, writes files to arbitrary locations on the target file system. The impact is high for both integrity and availability, though confidentiality is not directly compromised.
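To make the mechanism concrete, here is an added illustration (not pynetdicom's qrscp code) of the unsafe os.path.join() pattern the advisory describes beside a hardened variant: the storage root, the helper names and the dataset values are all constructed for this example, and the hardened path allowlists the DICOM UID character repertoire (numeric components joined by dots) before checking that the normalised path still lies under the storage root.

```python
import os
import re

# Constructed example; not pynetdicom's own code. Hypothetical storage root.
STORAGE_ROOT = "/var/lib/qrscp/store"
# DICOM UIDs are numeric components joined by dots (max 64 chars, no empty
# component), so this allowlist also rejects "..", separators and absolute paths.
UID_RE = re.compile(r"^[0-9]+(\.[0-9]+)*$")

def vulnerable_store_path(root, study_uid, sop_uid):
    """The risky pattern the advisory describes: dataset values straight into
    os.path.join(). An absolute component discards 'root', and '..' segments
    walk back out of it."""
    return os.path.join(root, study_uid, sop_uid + ".dcm")

def is_valid_uid(value):
    """Allowlist check for a DICOM UID-shaped string."""
    return isinstance(value, str) and len(value) <= 64 and bool(UID_RE.match(value))

def safe_store_path(root, study_uid, sop_uid):
    """Hardened version: allowlist the components, then confirm the
    normalised result is still inside 'root'."""
    for value in (study_uid, sop_uid):
        if not is_valid_uid(value):
            raise ValueError(f"rejected untrusted UID value: {value!r}")
    root_abs = os.path.abspath(root)
    candidate = os.path.normpath(os.path.join(root_abs, study_uid, sop_uid + ".dcm"))
    # Containment check kept even after the allowlist (defence in depth).
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        raise ValueError("resolved path escapes the storage root")
    return candidate

def escapes_root(root, path):
    """True if 'path' lies outside 'root' after normalisation; usable as a
    detection check on paths a handler is about to write."""
    root_abs = os.path.abspath(root)
    return os.path.commonpath([root_abs, os.path.normpath(path)]) != root_abs

if __name__ == "__main__":
    # Constructed dataset values: one benign pair, two shaped like traversal input.
    benign = ("1.2.840.113619.2.55", "1.2.840.113619.2.55.3")
    for study, sop in [benign, ("../../escaped", "f"), ("/absolute", "x")]:
        path = vulnerable_store_path(STORAGE_ROOT, study, sop)
        print(f"{study!r:>16} -> {path}  escapes_root={escapes_root(STORAGE_ROOT, path)}")
        try:
            print("   hardened:", safe_store_path(STORAGE_ROOT, study, sop))
        except ValueError as exc:
            print("   hardened: rejected:", exc)
```

The containment check assumes a POSIX path layout; on Windows, os.path.commonpath raises ValueError for paths on different drives, which the hardened function would surface as a rejection rather than a silent write.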

The pydicom pynetdicom library is deployed globally in the Healthcare and Public Health sector. DICOM (Digital Imaging and Communications in Medicine) is the international standard for transmitting, storing, and sharing medical images—such as X-rays, MRIs, and CT scans—across systems from different vendors. The vulnerable qrscp service is commonly used in picture archiving and communication systems (PACS) and radiology information systems, making the potential attack surface substantial.

CISA notes that the maintainer of pynetdicom has not responded to requests to work with the agency on a fix. The advisory directs users to the project's GitHub page for any future updates. Meanwhile, organizations running affected versions (≥1.0.0, <3.0.4) are strongly urged to implement defensive measures. Since no known exploitation in the wild has been reported as of the advisory's publication on June 25, 2026, the window for proactive mitigation remains open.

Recommended mitigations include minimizing network exposure for all systems running the library, ensuring they are not accessible from the internet. Control system networks should be placed behind firewalls and isolated from business networks. Where remote access is required, organizations should use virtual private networks (VPNs) with up-to-date patches. The vulnerability was reported to CISA by Simon Weber and Volker Schönefeld of Machine Spirits UG.

This advisory underscores the growing risk landscape for medical device software and open-source components in critical infrastructure. As healthcare organizations increasingly rely on interoperable data exchange, vulnerabilities in foundational libraries like pynetdicom can have cascading effects. The absence of a vendor fix highlights the importance of maintaining an internal patch management and network segmentation strategy, particularly for legacy or unmaintained code. CISA's guidance also recommends following established reporting procedures for any suspected malicious activity to help track and correlate threats across the sector.

CISA’s advisory (ICSA-26-176-01) provides the full technical breakdown: the qrscp C-STORE handler concatenates attacker-supplied DICOM dataset values into os.path.join() without sanitization, enabling arbitrary file write, with a CVSS v3.1 score of 9.1. The flaw affects pynetdicom versions from 1.0.0 up to, but not including, 3.0.4, and CISA notes that the maintainer has not responded to mitigation requests. The advisory also credits Simon Weber and Volker Schönefeld of Machine Spirits UG for the discovery.

Synthesized by Vypr AI