CISA Warns of SSRF Vulnerability in OHIF DICOM Web Viewer Framework Allowing Token Theft
CISA disclosed CVE-2026-12473, a high-severity SSRF vulnerability in the OHIF DICOM Web Viewer Framework that could let attackers steal authenticated clinicians' OIDC bearer tokens via crafted links.

CISA has published an advisory warning of a server-side request forgery (SSRF) vulnerability, tracked as CVE-2026-12473, in the Open Health Imaging Foundation (OHIF) DICOM Web Viewer Framework. The flaw affects all versions up to and including 3.12.0 and carries a CVSS v3.1 base score of 8.2 (High), or 8.3 under CVSS v4.0. The vulnerability resides in two data source components, DICOMWebProxy and DICOMJSON, that ship in the default configuration and fetch whatever URL they are handed in a request parameter without validating it. When an authenticated clinician working through a custom integration clicks a crafted link, the viewer's global authentication service attaches the clinician's OIDC bearer token to the resulting request, so the token is delivered to whatever server the attacker named in the link.
The Healthcare and Public Health sector is affected worldwide, with OHIF's DICOM viewer deployed across numerous medical imaging workflows. An attacker who successfully exploits this flaw obtains a valid clinician's token and can use it to gain unauthorized access to patient data, imaging records, and other systems that accept that token. The DICOMweb data source, which uses a different request mechanism, is not affected. The advisory notes that exploitation requires user interaction (the clinician must click the malicious link), but the attacker needs no credentials of their own: the token that reaches the attacker's server is the victim's.
Simon Weber and Volker Schönefeld of Machine Spirits UG reported the vulnerability to CISA. The maintainer released a fix in version 3.12.2 on May 18, 2026, with patches available on the OHIF GitHub repository (pull requests #5985 on master and #5978 on the release/3.12 branch). The fix validates the URL parameters passed to the affected data sources. For authenticated deployments that still need dicomwebproxy or dicomjson functionality, operators must additionally configure a new allowlist, dangerouslyAllowedOriginsForAuthenticatedEnvironments, in app-config.js to restrict which origins those data sources may send requests to.
CISA recommends users upgrade to version 3.12.2 or later immediately. As an interim mitigation, operators should remove all unused DICOMWebProxyDataSource and DICOMJSONDataSource configurations from their deployment configuration file. The agency further advises minimizing network exposure of medical imaging systems, isolating them behind firewalls, and using secure remote access methods such as VPNs. CISA also reports that no known public exploitation specifically targeting this vulnerability has been reported as of the advisory's release date.
This advisory is part of a broader pattern of vulnerabilities in medical device and healthcare IT software that can compromise patient data and clinical workflows. The OHIF viewer is widely used in open-source PACS (Picture Archiving and Communication Systems) and teleradiology platforms, making this disclosure particularly significant for hospitals and clinics that rely on customized integrations. The flaw highlights the risk of an authentication layer that attaches credentials to any outbound request without first checking where that request is going.
Organizations operating OHIF-based systems should prioritize patching and review their data source configurations to prevent any exposed endpoints from being abused. The advisory is available in full on CISA's ICS advisories page, including the CSAF summary and detailed CVSS vector.
The full CISA advisory, released June 25, 2026, confirms the details above: the DICOMWebProxy and DICOMJSON data sources in versions up to and including 3.12.0 fetch unvalidated URLs, version 3.12.2 contains the fix, and authenticated deployments that keep those data sources must set the dangerouslyAllowedOriginsForAuthenticatedEnvironments allowlist in app-config.js. No public exploitation had been reported to CISA as of that date.