
A Hidden Flaw in Medical Imaging Software Could Leak Hospital Data Through Your X-Ray

A vulnerability in widely-used medical image software lets attackers hide stolen data inside X-rays and scans. No patch? Your hospital may be exposed right now.

PLAIN ENGLISH EDITION

This article is written for general audiences — no security background needed. For the full technical analysis with CVE details, affected versions, and code-level breakdown, visit Intel Reports.

DICOM Medical Image Decoder Memory Leak Vulnerability

The next time a radiologist opens your MRI scan, that image file could be silently stealing data off the hospital's computer — and nobody in the room would see a thing.

Who's at Risk — and How Big Is This?

DICOM — which stands for Digital Imaging and Communications in Medicine — is the universal file format behind virtually every medical image on the planet. CT scans, MRIs, X-rays, ultrasounds: if it was taken in a hospital or clinic in the last three decades, it was almost certainly stored and transmitted as a DICOM file. According to research from Greenbone Networks, over 3,400 medical imaging systems are publicly exposed on the internet at any given time, with billions of patient records attached. The software library affected by this flaw is embedded in countless radiology workstations, PACS (picture archiving and communication system) servers, and open-source medical imaging tools used in hospitals from rural clinics to major academic medical centers worldwide.

The people directly in the crosshairs are hospital IT teams, radiologists, and — less visibly — every patient whose scans flow through an affected system. But the downstream consequences reach further: health insurers, research institutions, and any organization that exchanges medical images as part of routine care could be touching vulnerable software right now without knowing it.

What an Attacker Can Actually Do

Here's the scenario in plain terms. Think of a medical image file as a very long, tightly compressed ZIP-style archive of picture data. Inside that archive are special marker codes that tell the software "stop here" or "switch modes here." The flaw lives in the part of the software that unpacks a specific Philips-proprietary compression format — a format that's been quietly embedded in DICOM files for years. An attacker crafts a booby-trapped image file and places a malformed marker right at the very end of the compressed data — essentially right at the edge of a cliff. When the decoder hits that marker, instead of stopping, it stumbles off the edge and keeps reading memory that belongs to something else entirely on the computer.

That "something else" is heap memory — the part of a computer's working memory where running programs store active data. What's sitting in heap memory at any given moment on a hospital workstation? Potentially: fragments of patient records loaded moments before, authentication tokens, session cookies for connected systems, or pieces of other files recently opened. The attacker doesn't get to choose exactly what spills out, but they don't have to. The leaked data gets silently embedded into the rendered image output — the actual picture the radiologist sees on screen — where it can be harvested by anyone with access to that image afterward.

To pull this off, an attacker needs to get their malicious DICOM file in front of the vulnerable software. In a healthcare environment, that's not a tall order. DICOM files arrive constantly — from imaging devices, from referring physicians, from patient portals, from research collaborators. A convincing phishing email with an attached "patient scan" to a radiology department, or a compromised imaging device on the hospital network, would be enough to trigger the flaw. The victim doesn't click anything suspicious. They just open what looks like a normal medical image and do their job.

The Technical Detail Security Teams Need

The vulnerability lives in a function called DecodePsmctRle1 inside DicomImageDecoder.cpp, the component responsible for decompressing the PMSCT_RLE1 run-length encoding format used by Philips imaging devices. The bug is an out-of-bounds read — vulnerability class CWE-125 — triggered when escape markers appear within the final bytes of a compressed data buffer, causing the decoder to advance its read pointer past the allocated memory boundary and return heap contents as decoded pixel data. It carries a CVSS score of 7.1 (HIGH) and affects all platforms where the library runs, including Windows, Linux, and macOS deployments. The information disclosure is passive and leaves no obvious log trace, making forensic detection after the fact genuinely difficult.
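To make the mechanism concrete, here is an added example written for this article; it is not code from the affected library. It defines a toy run-length format (invented here, not the PMSCT_RLE1 layout) and decodes it twice: once the way the article describes the flaw, where an escape marker's operand bytes are read without checking that they exist, and once with the length check a decoder must perform. One allocation stands in for a slice of heap, so the naive decoder's read past the payload lands on a constructed "neighbouring" token rather than on undefined memory. All names (decode_naive, decode_checked, ESC_RUN, ESC_RAW), the arena contents and the fake token are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy run-length format invented for this example (NOT the PMSCT_RLE1 layout):
 *   0xFF N V    -> emit byte V, N times
 *   0xFE N b... -> emit the next N bytes verbatim (raw block)
 *   any other   -> literal byte
 * Both escapes need operand bytes after the marker; a marker in the last
 * bytes of the buffer has nowhere to take them from.
 */
#define ESC_RUN 0xFF
#define ESC_RAW 0xFE

#define ERR_TRUNCATED   (-1)
#define ERR_OUTPUT_FULL (-2)

/* Naive decoder: only checks that the marker itself is inside the buffer and
 * then reads its operands blindly. Mirrors the bug class the article
 * describes; kept here purely for comparison. */
long decode_naive(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    const uint8_t *p = in, *end = in + in_len;
    size_t o = 0;
    while (p < end) {
        if (*p == ESC_RUN) {
            uint8_t n = p[1], v = p[2];            /* may lie past 'end' */
            if (o + n > out_cap) return ERR_OUTPUT_FULL;
            memset(out + o, v, n); o += n; p += 3;
        } else if (*p == ESC_RAW) {
            uint8_t n = p[1];                      /* may lie past 'end' */
            if (o + n > out_cap) return ERR_OUTPUT_FULL;
            memcpy(out + o, p + 2, n);             /* copies whatever follows */
            o += n; p += 2 + (size_t)n;
        } else {
            if (o >= out_cap) return ERR_OUTPUT_FULL;
            out[o++] = *p++;
        }
    }
    return (long)o;
}

/* Hardened decoder: every operand read is checked against the remaining
 * input before it happens; a marker without its operands is an error. */
long decode_checked(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    const uint8_t *p = in, *end = in + in_len;
    size_t o = 0;
    while (p < end) {
        size_t remaining = (size_t)(end - p);
        if (*p == ESC_RUN) {
            if (remaining < 3) return ERR_TRUNCATED;
            uint8_t n = p[1], v = p[2];
            if (n > out_cap - o) return ERR_OUTPUT_FULL;
            memset(out + o, v, n); o += n; p += 3;
        } else if (*p == ESC_RAW) {
            if (remaining < 2) return ERR_TRUNCATED;
            uint8_t n = p[1];
            if (remaining - 2 < n) return ERR_TRUNCATED;
            if (n > out_cap - o) return ERR_OUTPUT_FULL;
            memcpy(out + o, p + 2, n); o += n; p += 2 + (size_t)n;
        } else {
            if (o >= out_cap) return ERR_OUTPUT_FULL;
            out[o++] = *p++;
        }
    }
    return (long)o;
}

/* Constructed arena: the compressed payload comes first; the bytes after it
 * stand in for unrelated data that happens to sit next to it in memory. In a
 * real heap the count byte would be whatever is there; it is fixed here so
 * the demonstration is deterministic. */
#define PAYLOAD_LEN 6
static const uint8_t arena[] = {
    'A', 'B', ESC_RUN, 3, 'C',   /* well-formed: decodes to A B C C C */
    ESC_RAW,                     /* malformed: raw-block marker as the final byte */
    /* ---- end of the payload the decoder is told about ---- */
    12, 'T', 'O', 'K', 'E', 'N', '=', 's', '3', 'c', 'r', '3', 't'
};

/* Returns 1 if the naive decoder copied the neighbouring token into its
 * "pixel" output, 0 otherwise. */
int naive_leaks_neighbour(void)
{
    uint8_t out[64];
    long n = decode_naive(arena, PAYLOAD_LEN, out, sizeof out);
    return n == 5 + 12 && memcmp(out + 5, "TOKEN=s3cr3t", 12) == 0;
}

/* The checked decoder rejects the same payload (ERR_TRUNCATED). */
long checked_result(void)
{
    uint8_t out[64];
    return decode_checked(arena, PAYLOAD_LEN, out, sizeof out);
}

/* The checked decoder still handles well-formed input (5 output bytes). */
long checked_valid_len(void)
{
    uint8_t out[64];
    return decode_checked(arena, 5, out, sizeof out);
}

int main(void)
{
    printf("naive decoder leaked neighbouring bytes: %s\n",
           naive_leaks_neighbour() ? "yes" : "no");
    printf("checked decoder on malformed input: %ld\n", checked_result());
    printf("checked decoder on valid input: %ld bytes\n", checked_valid_len());
    return 0;
}
```

The fix is the length check itself, applied before every operand read rather than only at the marker. Memory-layout mitigations such as ASLR and DEP make turning a memory bug into code execution harder, but they do not stop a decoder from copying adjacent bytes that it is allowed to read, which is why a passive leak of this kind has to be closed in the parser.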

Discovery, Exploitation, and Known Victims

As of publication, there is no confirmed active exploitation of CVE-2026-5441 in the wild, and no known victims have been publicly identified. The vulnerability has been assigned and disclosed through standard coordinated channels, giving vendors a window to patch before attackers weaponize it. However, the security community's concern is not hypothetical — DICOM-based attack research has been an active area since at least 2019, when researchers demonstrated that malware could be hidden inside DICOM files and go undetected by antivirus tools. The addition of a memory-leaking vector into that already-dangerous landscape raises the stakes considerably. The healthcare sector's historically slow patch cycles — driven by regulatory burdens, legacy system lock-in, and 24/7 operational demands — mean that even a well-disclosed vulnerability can remain exposed in production environments for months or years after a fix is available.

Security teams should treat the absence of active exploitation as a narrow window of opportunity, not a reason to delay. Out-of-bounds read vulnerabilities with heap-leak characteristics have a well-documented history of being rapidly operationalized once public disclosure occurs.

What You Should Do Right Now

If you work in healthcare IT, medical imaging, or security for any organization that handles DICOM files, take these three steps immediately:

  1. Audit and update your DICOM software libraries. Identify every system in your environment that processes DICOM files — PACS servers, radiology workstations, teleradiology platforms, research tools. Check whether they use the affected DicomImageDecoder component and apply any patch released by your vendor that addresses CVE-2026-5441. If your vendor has not yet released a patch, contact them directly and ask for an ETA in writing.
  2. Restrict DICOM file ingestion paths immediately. Until patched, implement strict allowlisting controls on which systems and users can submit DICOM files for processing. Block inbound DICOM files from unverified external sources at the network perimeter (standard DICOM traffic runs on ports 104 and 11112). Where possible, route all external image submissions through a sandboxed pre-processing environment before they reach clinical workstations.
  3. Enable heap memory protections and increase monitoring. On systems that cannot be patched immediately, ensure OS-level memory protections are active — Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) are enabled by default on modern Windows and Linux but are sometimes disabled on legacy medical systems for "compatibility" reasons. Additionally, flag anomalous DICOM file activity in your SIEM: unusually large DICOM files, files arriving from unexpected sources, or imaging workstations making unexpected outbound connections should trigger immediate investigation.
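As an added example for steps 2 and 3 (not part of the original article), the three monitoring heuristics from step 3, plus the perimeter rule from step 2, written as a small triage function and run over constructed log lines. The key=value log format, the host names, the allowlists and the 500 MB size threshold are assumptions made for the example; a real SIEM would use its own field names and site-specific thresholds.

```c
#include <stdio.h>
#include <string.h>

#define FLAG_LARGE_FILE    1   /* DICOM object far larger than a normal study */
#define FLAG_UNTRUSTED_SRC 2   /* DICOM sent by a host not on the allowlist */
#define FLAG_WS_OUTBOUND   4   /* imaging workstation talking to an unexpected peer */

/* Site policy, constructed for this example. */
#define MAX_DICOM_BYTES 500000000UL   /* 500 MB */
static const char *trusted_senders[]  = {"ct-scanner-01", "mri-02", "pacs-core"};
static const char *workstations[]     = {"rad-ws-07", "rad-ws-08"};
static const char *ws_allowed_peers[] = {"pacs-core", "ris-core"};

static int in_list(const char *h, const char **list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(h, list[i]) == 0) return 1;
    return 0;
}
#define IN(h, l) in_list((h), (l), sizeof (l) / sizeof (l)[0])

/* Standard DICOM association ports named in step 2. */
static int is_dicom_port(int p) { return p == 104 || p == 11112; }

/* One log line in the constructed format:
 *   event=<dicom_ingest|net_conn> src=<host> dst=<host> bytes=<n> dport=<port>
 * Returns a bitmask of FLAG_* values, 0 for a benign line, -1 on parse failure. */
int triage_line(const char *line)
{
    char event[16], src[64], dst[64];
    unsigned long bytes;
    int dport, flags = 0;

    if (sscanf(line, "event=%15s src=%63s dst=%63s bytes=%lu dport=%d",
               event, src, dst, &bytes, &dport) != 5)
        return -1;

    if (strcmp(event, "dicom_ingest") == 0) {
        if (bytes > MAX_DICOM_BYTES)    flags |= FLAG_LARGE_FILE;
        if (!IN(src, trusted_senders))  flags |= FLAG_UNTRUSTED_SRC;
    } else if (strcmp(event, "net_conn") == 0) {
        /* workstation reaching a host it has no business with */
        if (IN(src, workstations) && !IN(dst, ws_allowed_peers))
            flags |= FLAG_WS_OUTBOUND;
        /* inbound DICOM association from a host the perimeter should have blocked */
        if (is_dicom_port(dport) && !IN(src, trusted_senders) && !IN(src, workstations))
            flags |= FLAG_UNTRUSTED_SRC;
    }
    return flags;
}

/* Constructed sample log; the IP addresses are documentation ranges. */
static const char *sample_log[] = {
    "event=dicom_ingest src=ct-scanner-01 dst=pacs-core bytes=48000000 dport=104",
    "event=dicom_ingest src=203.0.113.9 dst=pacs-core bytes=6100000 dport=11112",
    "event=dicom_ingest src=mri-02 dst=pacs-core bytes=900000000 dport=104",
    "event=net_conn src=rad-ws-07 dst=198.51.100.20 bytes=2048 dport=443",
    "event=net_conn src=rad-ws-07 dst=pacs-core bytes=2048 dport=104",
    "event=net_conn src=192.0.2.77 dst=pacs-core bytes=512 dport=104",
};

/* Number of sample lines that raised at least one flag. */
int count_flagged(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof sample_log / sizeof sample_log[0]; i++)
        if (triage_line(sample_log[i]) > 0) n++;
    return n;
}

int main(void)
{
    for (size_t i = 0; i < sizeof sample_log / sizeof sample_log[0]; i++)
        printf("flags=%d  %s\n", triage_line(sample_log[i]), sample_log[i]);
    printf("%d of %zu lines flagged\n", count_flagged(),
           sizeof sample_log / sizeof sample_log[0]);
    return 0;
}
```

Each flag maps to one of the article's indicators, so an alert can say which rule fired; the size and allowlist values are the knobs to tune per site, and the untrusted-source rule doubles as a check that the perimeter block from step 2 is actually holding.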

CVE: CVE-2026-5441  |  CVSS: 7.1 (HIGH)  |  Category: Out-of-Bounds Read / Information Disclosure  |  Platform: Cross-platform  |  Status: No active exploitation confirmed
