CVE-2026-32711

{"id": "CVE-2026-32711", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2026-03-20T02:16:33.600", "references": [{"url": "https://github.com/pydicom/pydicom/commit/6414f01a053dff925578799f5a7208d2ae585e82", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/pydicom/pydicom/releases/tag/v3.0.2", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/pydicom/pydicom/security/advisories/GHSA-v856-2rf8-9f28", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, but does not verify that the resolved path remains under the File-set root. Subsequent public FileSet operations such as copy(), write(), and remove()+write(use_existing=True) use that unchecked path in file I/O operations. This allows arbitrary file read/copy and, in some flows, move/delete outside the File-set root. This issue has been fixed in version 3.0.2."}, {"lang": "es", "value": "pydicom es un paquete de Python puro para trabajar con archivos DICOM. Las versiones 2.0.0-rc.1 hasta la 3.0.1 son vulnerables a salto de ruta a trav\u00e9s de un ReferencedFileID de DICOMDIR creado maliciosamente cuando se establece a una ruta fuera de la ra\u00edz del conjunto de archivos. pydicom resuelve la ruta solo para confirmar que existe, pero no verifica que la ruta resuelta permanezca bajo la ra\u00edz del conjunto de archivos. Las operaciones p\u00fablicas posteriores de FileSet, como copy(), write() y remove()+write(use_existing=True), usan esa ruta no verificada en operaciones de E/S de archivos. Esto permite la lectura/copia arbitraria de archivos y, en algunos flujos, mover/eliminar fuera de la ra\u00edz del conjunto de archivos. Este problema ha sido solucionado en la versi\u00f3n 3.0.2."}], "lastModified": "2026-03-23T17:02:26.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pydicom:pydicom:*:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "08DDD9F4-ABF0-4750-A28A-8E9E7A8DF617", "versionEndExcluding": "3.0.2", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}