What is CVE-2026-32711?

CVE-2026-32711 is a high-severity vulnerability in Pydicom, classified under Path Traversal. CVSS score: 7.8/10. Published 2026-03-20.

How severe is CVE-2026-32711?

High severity. CVSS v3 base score is 7.8 out of 10.

Path Traversal in Pydicom

CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. p…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.000 (0.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Pydicom — versions >= 2.0.0-rc.1, < 3.0.2

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/pydicom/pydicom/security/advisories/GHSA-v856-2rf8-9f28 (x_refsource_CONFIRM)
https://github.com/pydicom/pydicom/commit/6414f01a053dff925578799f5a7208d2ae585e82 (x_refsource_MISC)
https://github.com/pydicom/pydicom/releases/tag/v3.0.2 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-32711?: CVE-2026-32711 is a high-severity vulnerability in Pydicom, classified under Path Traversal. CVSS score: 7.8/10. Published 2026-03-20.
How severe is CVE-2026-32711?: High severity. CVSS v3 base score is 7.8 out of 10.