Path traversal in pydicom - CVE-2026-32711
Published: July 14, 2026
pydicom
Detailed vulnerability description
The vulnerability allows a local user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A local user can trick the victim into opening a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root and read arbitrary files on the system.