Filtered by vendor Open Health Imaging Foundation
Subscriptions
Filtered by product Dicom Web Viewer Framework
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12473 | 1 Open Health Imaging Foundation | 1 Dicom Web Viewer Framework | 2026-06-26 | 8.2 High |
| Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the attacker-controlled server. DICOMweb data sources are not impacted. | ||||
Page 1 of 1.