CISA Advisory: OHIF DICOM Viewer ≤v3.12.0 Has Critical SSRF Flaw Enabling Clinician Token Theft

A high-severity server-side request forgery vulnerability in the widely deployed OHIF open-source DICOM viewer can expose authenticated clinicians' OIDC Bearer tokens to attackers — patch to v3.12.2 immediately. CISA issued ICS Medical Advisory ICSMA-26-176-02 on June 25, 2026, disclosing...