Machine Spirits Logo

Security Advisories

Responsible vulnerability disclosures from our security research.

As part of our security research, we identify and responsibly disclose vulnerabilities in software used in healthcare and critical infrastructure. We work closely with vendors to ensure issues are resolved before publication. Each advisory below documents a confirmed vulnerability along with its impact and recommended mitigation.

ePA-VAU client research

Several advisories below belong to a recurring weakness pattern in lib-vau-based ePA client implementations. We collected them on one page.

View ePA-VAU summary
7 Critical13 High2 Medium22 total

gematik

German Healthcare Infrastructure

1 Critical1 High1 Medium

gematik Authenticator

Authentication Flow Hijack

Critical 9.3CVE-2026-338752026-03-26

gematik Authenticator

Remote Code Execution via a Crafted Keychain File

High 7.8CVE-2026-338742026-03-26

gematik ref-idp-server

Open Redirect via Unvalidated redirect_uri

Medium 6.12026-03-26

Orthanc

PACS / DICOM Server

3 Critical6 High

Orthanc DICOM Server

Heap Buffer Overflow in DICOM Image Decoder (Palette Color Decode)

Critical 9.8CVE-2026-54432026-04-02

Orthanc DICOM Server

Heap Buffer Overflow in DICOM Image Decoder via VR UL Dimensions

Critical 9.8CVE-2026-54422026-04-02

Orthanc DICOM Server

Out-of-Bounds Read in DICOM Image Decoder (DecodeLookupTable)

Critical 9.1CVE-2026-54452026-04-02

Orthanc DICOM Server

Out-of-Bounds Read in DicomStreamReader Meta-Header Parser

High 7.5CVE-2026-54372026-04-02

Orthanc DICOM Server

Memory Exhaustion via Unbounded Content-Length

High 7.5CVE-2026-54402026-04-02

Orthanc DICOM Server

Memory Exhaustion via Forged ZIP Metadata

High 7.5CVE-2026-54392026-04-02

Orthanc DICOM Server

GZIP Decompression Bomb via Content-Encoding Header

High 7.5CVE-2026-54382026-04-02

Orthanc DICOM Server

Out-of-Bounds Read in DICOM Image Decoder (PMSCT_RLE1 Decompression)

High 7.1CVE-2026-54412026-04-02

Orthanc DICOM Server

Heap Buffer Overflow in PAM Image Buffer Allocation

High 7.1CVE-2026-54442026-04-02

OHIF

Web-Based DICOM Viewer

1 High

OHIF Viewer

OIDC Credential Theft via Externally Controlled URL

High 8.22026-05-18

OpenMRS

Electronic Medical Record Platform

1 Critical

OpenMRS Core

Stored Velocity SSTI to RCE via ConceptReferenceRange

Critical 9.1CVE-2026-412582026-05-04

Oviva

ePA Client (Elektronische Patientenakte)

3 High1 Medium

Oviva epa4all-client

VAU Signature Verification Bypass

High 8.1CVE-2026-449002026-05-05

Oviva epa4all-client

TLS Certificate Validation Disabled in Production

High 8.1CVE-2026-455742026-05-11

Oviva epa4all-client

IDP Discovery Document Signature Bypass

High 7.4CVE-2026-455752026-05-11

Oviva epa4all-rest-service

Unauthenticated REST API for Patient Record Writes

Medium 6.5CVE-2026-476722026-05-19

med-united

ePA-Middleware (Primärsystem)

1 Critical1 High

med-united epa4all

VAU Server Authentication Bypass

Critical 9.12026-05-20

med-united epa4all

TLS Certificate Verification Disabled

High 8.12026-05-20

DCMTK

OFFIS DICOM Toolkit

1 Critical

DCMTK storescp

OS Command Injection via Placeholder Substitution

Critical 9.8CVE-2026-56632026-04-06

Robert Koch Institut (RKI)

Metadata Exchange Platform

1 High

MEx Backend

Broken Access Control on DELETE Endpoint

High 8.12026-04-10