CISA flags critical pynetdicom path traversal with no vendor fix
The operational problem is not scoring the CVE, it is containing a network-reachable DICOM server when the maintainer goes dark.
TL;DR
CISA published ICSMA-26-176-01 for CVE-2026-56445, a CVSS 9.1 path-traversal flaw in pydicom pynetdicom versions 1.0.0 up to, but not including, 3.0.4. Healthcare imaging teams, MSPs, municipal IT, defense suppliers and C3PAOs supporting DICOM environments should treat exposed qrscp services as an immediate architecture problem. CISA says the maintainer has not responded to mitigation coordination requests, so there is no vendor fix in the advisory.
CISA’s medical advisory is blunt: pynetdicom’s qrscp C-STORE handler uses attacker-supplied DICOM dataset data in os.path.join() without sanitization, allowing an unauthenticated network attacker to write files to arbitrary paths. The affected range is pydicom pynetdicom >=v1.0.0|<v3.0.4, with CVE-2026-56445 scored 9.1 under CVSS 3.1 and 8.8 under CVSS 4.0. CISA says no known public exploitation has been reported to it.
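The unsanitized os.path.join() pattern the advisory describes, shown as an added example beside a hardened resolver. This is illustrative code written for this article, not pynetdicom's handler; the storage root, the UID whitelist, the helper names and the sample identifiers are all assumptions.

```python
import os
import re

# Hypothetical storage directory standing in for a qrscp store root.
STORAGE_ROOT = os.path.abspath("dicom_store")

# Assumption: the file name is derived from a DICOM UID, which may only contain
# digits and dots. Anything outside that alphabet is rejected before any path work.
_UID_RE = re.compile(r"^[0-9]+(\.[0-9]+)*$")


def naive_storage_path(root: str, name_from_dataset: str) -> str:
    """The defective pattern: dataset-supplied text joined straight onto the root."""
    return os.path.join(root, name_from_dataset + ".dcm")


def escapes_root(root: str, path: str) -> bool:
    """True if the fully resolved path lands outside the storage root."""
    root_real = os.path.realpath(root)
    return os.path.commonpath([root_real, os.path.realpath(path)]) != root_real


def safe_storage_path(root: str, name_from_dataset: str) -> str:
    """Hardened form: whitelist the identifier, then prove the resolved path stays under root."""
    if not _UID_RE.match(name_from_dataset):
        raise ValueError("dataset identifier is not a well-formed UID")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, name_from_dataset + ".dcm"))
    # Second line of defence: independent of the whitelist, refuse anything that
    # resolves outside the root (symlinks and normalisation are covered by realpath).
    if escapes_root(root_real, candidate):
        raise ValueError("resolved path escapes the storage root")
    return candidate


if __name__ == "__main__":
    # Constructed inputs: one well-formed UID and one identifier carrying traversal segments.
    benign = "1.2.840.10008.5.1.4.1.1.2.1234"
    hostile = "../../outside/escaped"
    print("naive join escapes root:", escapes_root(STORAGE_ROOT, naive_storage_path(STORAGE_ROOT, hostile)))
    print("hardened path:", safe_storage_path(STORAGE_ROOT, benign))
    try:
        safe_storage_path(STORAGE_ROOT, hostile)
    except ValueError as exc:
        print("hardened resolver rejected hostile input:", exc)
```

The same two checks (alphabet whitelist, then containment of the resolved path) are what to look for when reviewing any application that embeds pynetdicom and persists incoming C-STORE datasets to disk.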
The part that matters Monday is the mitigation posture. CISA does not point to a patched release. It says the maintainer of pynetdicom has not responded to requests to work with CISA, and tells users to check the GitHub page for update information. That moves this out of the ordinary “apply vendor update” lane and into compensating controls: remove internet exposure, firewall DICOM services from business networks, isolate control system and medical imaging networks, and reassess any remote-access path into those segments.
That is awkward for healthcare environments because DICOM is not a decorative protocol. Imaging workflows depend on it, and many hospitals, municipal providers and contractors have inherited configurations that are harder to inventory than they are to defend. MSPs and internal teams should be looking specifically for qrscp deployments and for applications embedding vulnerable pynetdicom versions, not just scanning for a brand name appliance.
CISA’s note that an open-source maintainer did not engage is the uncomfortable piece. Coordinated disclosure assumes there is someone on the other end with authority, time and release machinery. When that fails in a critical infrastructure dependency, the government can publish, score and recommend isolation. It cannot ship the maintainer’s patch. That gap is now the operator’s problem.
Published · Deep Fathom