CVE-2026-5439
Essential information
- Published
- 09/04/2026 15:16
- Modified
- 09/04/2026 15:16
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
NVD status
- Status
- Received — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| orthanc / orthanc | cpe:2.3:a:orthanc:orthanc:*:*:*:*:*:*:*:* |
| zip / zip | cpe:2.3:a:zip:zip:*:*:*:*:*:*:*:* |