UNKNOWN Severity
CVE-2026-5440
Last updated Apr 09, 2026 · Published Apr 09, 2026
Description
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.
Affected products
1 listed- Orthanc:DICOM Server
Mappings
CWE
CWE-770
CAPEC
None listed.
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms