A critical security vulnerability in pynetdicom, a foundational open-source library for DICOM networking, allows unauthenticated attackers to traverse directories and access sensitive medical imaging files, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned in a medical advisory published on June 25, 2026. The flaw, present in all versions from 1.0.0 up to (but not including) 3.0.4, opens hospitals and imaging centers to data theft, sabotage, and potential patient safety risks.

CISA’s advisory, part of its ongoing effort to secure medical devices and healthcare IT infrastructure, urges immediate action: upgrade pynetdicom to version 3.0.4 or later. This is not a drill. Attackers scanning for vulnerable DICOM services can exploit the path traversal weakness without authentication, making any internet-facing or poorly segmented picture archiving and communication system (PACS) a prime target.

What is pynetdicom and Why Does It Matter?

pynetdicom is the networking engine that powers DICOM communication in Python. DICOM—Digital Imaging and Communications in Medicine—is the global standard for handling, storing, and transmitting medical images. It underpins every MRI, CT scan, X-ray, and ultrasound in modern healthcare. pynetdicom allows developers to build applications and scripts that speak the DICOM protocol, making it a common component in hospital PACS, radiology workstations, and medical device software.

Because medical imaging data often contains protected health information (PHI) and is critical to diagnosis and treatment, any compromise carries regulatory, financial, and human costs. A single unpatched component in the imaging chain can expose millions of patient records or allow an adversary to silently alter scan data, leading to misdiagnosis.

The Vulnerability: Path Traversal in DICOM Network Services

CISA’s advisory describes a classic directory traversal vulnerability. By sending specially crafted DICOM messages, an attacker can “walk” out of the intended storage directory and read arbitrary files on the system running a vulnerable pynetdicom instance. In some configurations, the flaw could also enable writing or overwriting files, potentially achieving remote code execution.

Technical Mechanics

In DICOM networking, two entities communicate: the service class user (SCU) and the service class provider (SCP). A typical PACS server acts as an SCP, accepting incoming connections to store or retrieve images. A vulnerable pynetdicom SCP, when handling a C-STORE or C-GET request, fails to properly sanitize file paths embedded in the DICOM dataset. An attacker can inject path traversal sequences (e.g., ../../) into a field like (0008,0055) (Station Name) or (0010,0020) (Patient ID), and the library uses that tainted value to construct a file path on the server.

The result? An unauthenticated client who can reach a DICOM port (commonly 104 or 11112) may read /etc/passwd, configuration files containing database credentials, or even entire image archives. If write access is possible, an attacker could plant web shells, ransomware payloads, or corrupted DICOM files that crash downstream viewers.

No public exploit code was available at the time of the advisory, but the simplicity of path traversal flaws means weaponized exploits will likely surface quickly. Security researchers note that any student with basic DICOM knowledge and a Python script could reproduce the attack.

Affected Versions and the Fix

The vulnerability, assigned CVE-2026-XXXXX (identifier pending at publication), affects pynetdicom versions 1.0.0 through 3.0.3. The fix arrived in version 3.0.4, released on June 24, 2026. The patch introduces robust path validation, ensuring that all file operations are confined to a configurable, secure base directory.

Organizations should immediately identify all applications and devices that ship pynetdicom. Because the library is a transitive dependency in many medical device firmwares, system administrators cannot rely solely on package managers; they must verify with vendors or scan binaries directly. The Python package can be updated via pip:

pip install --upgrade pynetdicom>=3.0.4

For environments where immediate patching is impossible, CISA recommends:
- Strict network segmentation: isolate DICOM traffic behind firewalls or VPNs.
- Disable the DICOM service on any non-essential system.
- Implement Web Application Firewall (WAF) rules at the application layer to detect and block path traversal attempts in DICOM messages.
- Monitor logs for unusual file access patterns, especially reads from outside the standard DICOM storage directory.

Healthcare at a Crossroads: The Real-World Impact

Health systems are famously slow to patch. Clinical downtime windows are narrow, and many imaging devices run legacy or custom operating systems that cannot be updated without vendor certification. A path traversal vulnerability in a networking library that sits at the heart of radiology workflows is a nightmare scenario.

Data Breach and HIPAA Exposure

A successful attack can exfiltrate thousands of DICOM files, each brimming with PHI: patient names, dates of birth, medical record numbers, and in some cases, full-body 3D reconstructions. Under HIPAA, a breach of unsecured PHI triggers mandatory reporting, fines, and lawsuits. Because DICOM files are often stored unencrypted on file systems, the data is immediately readable once the traversal barrier is broken.

Ransomware and Operational Disruption

Attackers can use the path traversal to overwrite or delete critical image archives. In 2024, a ransomware attack on a major European hospital chain caused widespread collapse of radiology services, forcing transfers to neighboring facilities. A weaponized pynetdicom flaw would lower the bar for such attacks, enabling adversaries to cripple local PACS nodes with minimal effort.

Patient Safety at Risk

Less visible but more terrifying: manipulation of DICOM data. A sophisticated attacker could alter pixel data, change patient demographics to cause misidentification, or inject malicious markup into structured reports. A radiologist reading a compromised mammogram might miss a tumor; a surgeon could operate on the wrong side because an MRI series was swapped silently.

The U.S. Food and Drug Administration (FDA) has long flagged cybersecurity risks in medical imaging devices. pynetdicom is not itself a medical device regulator, but its widespread use in FDA-cleared systems means that upstream vulnerabilities demand attention from manufacturers and healthcare delivery organizations alike.

Mitigation Beyond Patching

While upgrading to pynetdicom 3.0.4 is the definitive fix, defense-in-depth measures are crucial, especially for air-gapped systems that may still be reachable via companion networks.

Network Controls

  • DICOM Protocol Anomaly Detection: Deploy next-generation firewalls or intrusion prevention systems that understand DICOM and can parse and validate DICOM associations. Check for malformed data elements that attempt traversal.
  • Port-Specific Rules: Block inbound DICOM traffic from unknown IP ranges. Use DICOM TLS (Transport Layer Security) to require mutual authentication, preventing anonymous attackers from establishing an association.
  • Microsegmentation: Place imaging systems in their own VLAN with strict access control lists (ACLs) from clinical workstations.

File System Protections

  • Sandbox DICOM Services: Run pynetdicom processes inside containers or jails with read-only root filesystems and minimal permissions. Configure the storage directory as a mount that cannot be escaped even if traversal succeeds.
  • Audit File Activities: Use file integrity monitoring (FIM) tools to alert on any creation or modification of files outside the expected DICOM store.

Vendor and Supply Chain Accountability

  • Contact Device Manufacturers: Ask for a bill of materials (SBOM) that includes pynetdicom. If vulnerable versions are present, request a patch or a formal risk assessment.
  • Open-Source Hygiene: For in-house developed DICOM tools, adopt dependency scanning in CI/CD pipelines. Tools like Snyk, Black Duck, or Python’s own pip-audit can flag vulnerable pynetdicom versions.

The Bigger Picture: Open Source in Medical Technology

pynetdicom’s popularity reflects a broader trend: open-source libraries are accelerating medical software development but also importing community-level risk into regulated environments. Unlike proprietary solutions, open-source projects rely on volunteer maintainers and public issue trackers. When a CVE drops, medical device ISOs cannot simply be recompiled overnight.

CISA’s proactive advisory—released just one day after the fix—shows improved coordination between the cybersecurity community and healthcare regulators. The agency’s ICS Medical Advisories program, which typically covers insulin pumps and patient monitors, now expands to the software libraries that stitch these devices together.

Lessons from Past DICOM Vulnerabilities

This is not the first time DICOM has been in the crosshairs. In 2020, researchers demonstrated attacks on PACS servers that exposed millions of patient images because of unprotected HTTP interfaces. A 2021 DICOM library flaw (CVE-2021-3156, in the LEADTOOLS framework) allowed remote code execution via malicious images. The pynetdicom case reinforces a painful truth: DICOM was designed in an era of trusted networks, and retrofitting security breaks assumptions at every layer.

Organizations still running pynetdicom 1.x (released in 2018) are especially vulnerable because those versions lack even basic input validation. The 3.0.x series introduced configuration improvements, but the path traversal crept in as a regression during a file-handling refactor.

What to Do Right Now

  1. Inventory: List every system, service, and script that imports pynetdicom. Include forgotten radiology gateways, research servers, and any machine that ever ran “from pynetdicom import AE”.
  2. Assess Exposure: Run netstat or nmap across the hospital network to find open DICOM ports (104, 11112, 2761, 4242). If any respond without TLS or authentication, prioritize them.
  3. Patch: Update to pynetdicom 3.0.4. Freeze the exact version in requirements.txt or setup.py to prevent accidental downgrades.
  4. Verify: Use a simple Python DICOM client to attempt a path traversal against patched instances and confirm the attack fails.
  5. Monitor: Enable increased logging on DICOM servers for the next 60 days, watching for unusual SCU connections or access to files like /etc/shadow.

The Department of Health and Human Services (HHS) and the FDA are likely to issue parallel statements, emphasizing that medical device manufacturers bear responsibility for integrating security-patched dependencies and that software as a medical device (SaMD) must be kept current.

Conclusion

The CISA advisory on pynetdicom’s path traversal vulnerability is a loud wake-up call for healthcare cybersecurity. A library embedded in devices from portable ultrasound carts to massive hospital PACS clusters contains a flaw so trivial it could be scripted by a junior penetration tester. Yet, for many healthcare systems, patching will be delayed by compliance processes, vendor hesitance, or simple unawareness.

Attackers know this. The window between disclosure and exploitation shrinks every year. The only rational move is to treat this patch with the same urgency as a critical safety recall for a ventilator or infusion pump. Because in an interconnected hospital, software defects can kill just as surely as hardware failures.

Upgrade pynetdicom now. Your patients are counting on it.