CVE-2026-32711: Pydicom ReferencedFileID Path Traversal
greprules fetch cve-2026-32711-pydicom-referencedfileid-path-traversal --engine opengrep
Description
Constructing a `pathlib.Path` from user-controlled DICOM attributes such as `ReferencedFileID`, without validating that the resulting path stays within the expected root directory, allows path traversal. An attacker can craft a DICOMDIR to access or modify files outside the designated root. Enforce boundary validation with checks such as `is_relative_to()`.
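The flagged pattern next to a bounded version, as an added example that is not code from pydicom or from this rule. The function names are hypothetical, and `ReferencedFileID` is modelled as a plain string or list of strings rather than read from a real DICOMDIR.

```python
from pathlib import Path
import tempfile


def _components(referenced_file_id):
    # ReferencedFileID may hold one path component or several (assumed str or list of str).
    if isinstance(referenced_file_id, str):
        return [referenced_file_id]
    return list(referenced_file_id)


def unsafe_resolve(root, referenced_file_id):
    """Pattern the rule flags: components joined to the root with no boundary check."""
    return Path(root, *_components(referenced_file_id))


def safe_resolve(root, referenced_file_id):
    """Join the components under root; raise ValueError if the result leaves root."""
    parts = _components(referenced_file_id)
    if not parts or any(not isinstance(p, str) or not p for p in parts):
        raise ValueError("empty or non-string ReferencedFileID component")
    root = Path(root).resolve()
    # resolve() collapses '..' and follows symlinks, so the check sees the real target.
    # An absolute component makes pathlib discard the root; the check catches that too.
    candidate = Path(root, *parts).resolve()
    if candidate == root or not candidate.is_relative_to(root):  # Python 3.9+
        raise ValueError(f"ReferencedFileID escapes root: {parts!r}")
    return candidate


if __name__ == "__main__":
    # Constructed sample values, not taken from a real file-set.
    samples = [
        ["DICOM", "PAT1", "IM1"],
        ["..", "..", "etc", "passwd"],
        ["/etc/passwd"],
        ["DICOM", "..", "..", "outside"],
    ]
    with tempfile.TemporaryDirectory() as d:
        for value in samples:
            try:
                print("ok      ", safe_resolve(d, value))
            except ValueError as exc:
                print("rejected", exc)
```

Both the root and the candidate are resolved before comparison, so a root that is itself reached through a symlink does not cause false rejections.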
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided