CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, but does not verify that the resolved path remains under the File-set root. Subsequent public FileSet operations such as copy(), write(), and remove()+write(use_existing=True) use that unchecked path in file I/O operations. This allows arbitrary file read/copy and, in some flows, move/delete outside the File-set root. This issue has been fixed in version 3.0.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.6%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2026-32711

Pydicom » Pydicom » Version: 2.0.0

cpe:2.3:a:pydicom:pydicom:2.0.0
Pydicom » Pydicom » Version: 2.1.0

cpe:2.3:a:pydicom:pydicom:2.1.0
Pydicom » Pydicom » Version: 2.1.1

cpe:2.3:a:pydicom:pydicom:2.1.1
Pydicom » Pydicom » Version: 2.1.2

cpe:2.3:a:pydicom:pydicom:2.1.2
Pydicom » Pydicom » Version: 2.2.0

cpe:2.3:a:pydicom:pydicom:2.2.0
Pydicom » Pydicom » Version: 2.2.1

cpe:2.3:a:pydicom:pydicom:2.2.1
Pydicom » Pydicom » Version: 2.2.2

cpe:2.3:a:pydicom:pydicom:2.2.2
Pydicom » Pydicom » Version: 2.3.0

cpe:2.3:a:pydicom:pydicom:2.3.0
Pydicom » Pydicom » Version: 2.3.1

cpe:2.3:a:pydicom:pydicom:2.3.1
Pydicom » Pydicom » Version: 2.4.0

cpe:2.3:a:pydicom:pydicom:2.4.0
Pydicom » Pydicom » Version: 2.4.1

cpe:2.3:a:pydicom:pydicom:2.4.1
Pydicom » Pydicom » Version: 2.4.2

cpe:2.3:a:pydicom:pydicom:2.4.2
Pydicom » Pydicom » Version: 2.4.3

cpe:2.3:a:pydicom:pydicom:2.4.3
Pydicom » Pydicom » Version: 2.4.4

cpe:2.3:a:pydicom:pydicom:2.4.4
Pydicom » Pydicom » Version: 2.4.5

cpe:2.3:a:pydicom:pydicom:2.4.5
Pydicom » Pydicom » Version: 3.0.0

cpe:2.3:a:pydicom:pydicom:3.0.0
Pydicom » Pydicom » Version: 3.0.1

cpe:2.3:a:pydicom:pydicom:3.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-32711

Products

Pricing

Contact Us