A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
CVE-2026-5439
Severity: NONE
EPSS: 0.06%
Updated: Apr 09, 2026

CVE Details
CVE ID: CVE-2026-5439
Published Date: Apr 09, 2026
Vendor: Not specified
Severity: NONE

Exploit Prediction (EPSS)
Probability of Exploit: 0.06% (likelihood of exploitation in next 30 days)
Percentile: 17.1th percentile (higher than 17.1% of all CVEs)
Standard patching cycle
Impact: Minimal impact
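The mitigation pattern for the weakness described above, as an added example that is not Orthanc's code or its fix: an upload handler checks the declared sizes against a limit and then inflates in fixed-size chunks, so memory use follows the bytes actually produced rather than the size field. The limits, function names and sample archives are assumptions constructed for this illustration.

```python
import io
import zipfile

MAX_ENTRY_BYTES = 1 * 1024 * 1024   # assumed per-file cap
MAX_TOTAL_BYTES = 4 * 1024 * 1024   # assumed per-archive cap
CHUNK = 64 * 1024


class ArchiveTooLarge(Exception):
    """Raised when an archive exceeds the configured limits."""


def safe_extract(data, max_entry=MAX_ENTRY_BYTES, max_total=MAX_TOTAL_BYTES):
    """Return {name: bytes} for an uploaded ZIP, or raise ArchiveTooLarge."""
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        # Cheap pre-check on the declared sizes, before anything is inflated.
        if any(i.file_size > max_entry for i in infos) or \
                sum(i.file_size for i in infos) > max_total:
            raise ArchiveTooLarge("declared size exceeds limit")
        for info in infos:
            buf = bytearray()  # grows with real output, never pre-sized
            with zf.open(info) as src:
                while chunk := src.read(CHUNK):
                    buf += chunk
                    total += len(chunk)
                    # Cap on bytes actually produced, independent of the header.
                    if len(buf) > max_entry or total > max_total:
                        raise ArchiveTooLarge("inflated size exceeds limit")
            out[info.filename] = bytes(buf)
    return out


def build_zip(entries):
    """Build a constructed sample archive in memory from {name: bytes}."""
    mem = io.BytesIO()
    with zipfile.ZipFile(mem, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return mem.getvalue()


if __name__ == "__main__":
    ok = build_zip({"study/a.dcm": b"constructed sample bytes"})
    print(sorted(safe_extract(ok)))
    big = build_zip({"big.bin": bytes(2 * 1024 * 1024)})  # small on disk
    try:
        safe_extract(big)
    except ArchiveTooLarge as exc:
        print(len(big), "byte upload rejected:", exc)
```
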