CVE-2026-32711

Published: Mar 20, 2026 Last Modified: Mar 20, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, but does not verify that the resolved path remains under the File-set root. Subsequent public FileSet operations such as copy(), write(), and remove()+write(use_existing=True) use that unchecked path in file I/O operations. This allows arbitrary file read/copy and, in some flows, move/delete outside the File-set root. This issue has been fixed in version 3.0.2.

22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: AI/ML
Likelihood of Exploit: High
View CWE Details
https://github.com/pydicom/pydicom/commit/6414f01a053dff925…
https://github.com/pydicom/pydicom/commit/6414f01a053dff925578799f5a7208d2ae585…
https://github.com/pydicom/pydicom/releases/tag/v3.0.2
https://github.com/pydicom/pydicom/releases/tag/v3.0.2
https://github.com/pydicom/pydicom/security/advisories/GHSA…
https://github.com/pydicom/pydicom/security/advisories/GHSA-v856-2rf8-9f28