CVE-2026-3650 Meta — Exploit & Vulnerability Details HIGH

CVE-2026-3650

HIGH CVSS 4.0: 8.7 EPSS 0.06%

Parameter	Value
CVSS	8.7 (HIGH)
Type	CWE-401 (Memory Leak)
Vendor	Meta
Public PoC	No

A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition.

A maliciously crafted file can fill the heap in a single read operation without properly releasing it.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

None

No data modification

Availability

High

Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-401 Memory Leak

References 3

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-…

ics-cert@hq.dhs.gov

https://sourceforge.net/projects/gdcm/

ics-cert@hq.dhs.gov

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-083-01

ics-cert@hq.dhs.gov

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-35569

Meta

8.7

CVE-2026-40096

Meta

5.1

CVE-2026-2305

Meta

6.4

CVE-2026-4664

Meta

5.3

CVE-2026-5437

Meta

None

Menu

CVE-2026-3650

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 3

Related Vulnerabilities

CVE-2026-35569

CVE-2026-40096

CVE-2026-2305

CVE-2026-4664

CVE-2026-5437

CVE Details

Editor's Choice

Menu

CVE-2026-3650

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 3

Related Vulnerabilities

CVE-2026-35569

CVE-2026-40096

CVE-2026-2305

CVE-2026-4664

CVE-2026-5437

CVE Details

Editor's Choice

Stay informed on cybersecurity