EXECUTIVE SUMMARY:
Multiple vulnerabilities have been identified in the Docling and Docling-core Python packages. The issues include path traversal through unsafe remote filename resolution, server-side request forgery (SSRF), uncontrolled resource consumption, XML external entity (XXE) injection, Zip Slip during archive extraction, and code injection through a Playwright-based rendering component. Successful exploitation could allow an attacker to read or overwrite arbitrary files, exfiltrate internal data, cause denial of service, or execute code on affected hosts. The combined risk is significant for any deployment that converts untrusted documents or fetches user-supplied URLs.
CVE-2026-44023 with a CVSS score of 8.6 – Remote filenames are resolved to local paths without validation. A crafted URL or Content-Disposition header can place the downloaded file outside the intended cache directory (path traversal), exposing or overwriting files there, and the same fetch can be directed at internal services (SSRF).
CVE-2026-44019 with a CVSS score of 8.1 – Image URIs are not sufficiently validated: file:// references are accepted, allowing local file reads, and data: URI payloads are not size-limited, so a large inline image can exhaust memory.
CVE-2026-47214 with a CVSS score of 7.1 – The HTML backend accepts file:// URIs, follows redirects without validation, and is affected by path traversal, leading to local file access, SSRF, and uncontrolled remote image downloads.
CVE-2026-44020 with a CVSS score of 7.5 – The XML parser used for USPTO patent documents is vulnerable to XXE: a crafted document can read arbitrary files, trigger SSRF through external entities, or cause denial of service via entity expansion.
CVE-2026-44016 with a CVSS score of 8.2 – The Playwright-based HTML rendering path, when enabled, executes JavaScript from the document and performs unrestricted network requests, enabling code injection and probing of internal services.
CVE-2026-44017 with a CVSS score of 7.5 – Zip extraction during EasyOCR model download does not validate entry paths, allowing Zip Slip: a malicious archive can write files to arbitrary locations, which can lead to remote code execution.
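The three URI and filename issues above (CVE-2026-44023, CVE-2026-44019 and CVE-2026-47214) come down to a small set of missing checks: scheme allow-listing, refusing hosts that resolve to non-public addresses, never letting the server choose the directory of a cached file, and bounding inline image payloads before they are decoded. The following is an added example of those checks written for this page; it is not Docling code and does not reproduce the library's API. The function names, the cache directory, the 1 MiB inline-image cap and the stand-in resolver table are illustrative assumptions.

```python
"""Input-side hardening for the three URI/path weaknesses listed above: remote
filename resolution, image URI handling and the HTML backend's URL fetching.
Added example, not Docling code; function names, the cache directory and the
size cap are assumptions chosen for illustration."""
import base64
import ipaddress
import re
import socket
from pathlib import Path
from typing import Optional, Tuple
from urllib.parse import unquote, unquote_to_bytes, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_INLINE_IMAGE_BYTES = 1024 * 1024        # assumed cap on decoded data: payloads
_CD_FILENAME = re.compile(r'filename\*?\s*=\s*"?([^";]+)"?', re.IGNORECASE)


def check_remote_url(url: str, resolver=socket.getaddrinfo) -> str:
    """SSRF guard: allow only http(s) URLs whose host resolves to public addresses.
    `resolver` is injectable so the check runs offline here. Re-apply it to every
    redirect target and connect to the address that was checked rather than
    re-resolving, otherwise DNS rebinding defeats the check."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:            # rejects file:, ftp:, gopher:, data:
        raise ValueError(f"scheme not allowed: {scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    try:
        infos = resolver(parts.hostname, parts.port or (443 if scheme == "https" else 80))
    except socket.gaierror as exc:
        raise ValueError(f"cannot resolve {parts.hostname!r}") from exc
    for info in infos:
        ip = ipaddress.ip_address(info[4][0].split("%")[0])   # strip IPv6 scope id
        if not ip.is_global:    # loopback, RFC 1918, link-local (169.254.169.254), ULA
            raise ValueError(f"{parts.hostname!r} resolves to non-public {ip}")
    return url


def safe_cache_path(cache_dir, content_disposition: Optional[str], fallback: str) -> Path:
    """Path-traversal guard for server-supplied filenames. Decodes the RFC 5987
    filename* form first (so %2e%2e%2f is caught), keeps only the last path
    component, drops leading dots, allow-lists characters, and finally proves
    the resolved path still sits directly inside cache_dir."""
    cache_dir = Path(cache_dir).resolve()
    name = fallback
    if content_disposition:
        match = _CD_FILENAME.search(content_disposition)
        if match:
            raw = match.group(1).strip()
            if "''" in raw:                      # charset'lang'percent-encoded form
                raw = unquote(raw.split("''", 1)[1])
            name = raw
    name = name.replace("\\", "/").rsplit("/", 1)[-1].lstrip(".") or fallback
    name = re.sub(r"[^A-Za-z0-9._-]", "_", name)[:255]
    target = (cache_dir / name).resolve()
    if target.parent != cache_dir:
        raise ValueError(f"{name!r} resolves outside the cache directory")
    return target


def decode_inline_image(uri: str, limit: int = MAX_INLINE_IMAGE_BYTES) -> bytes:
    """Resource guard for data: URIs. For base64 the decoded size is bounded from
    the encoded length *before* decoding, so an oversized payload is never allocated."""
    header, sep, payload = uri[5:].partition(",")           # strip the "data:" prefix
    if not sep or not header.lower().startswith("image/"):
        raise ValueError("malformed or non-image data URI")
    if ";base64" in header.lower():
        if len(payload) * 3 // 4 > limit:
            raise ValueError("inline image exceeds size limit")
        return base64.b64decode(payload, validate=True)
    data = unquote_to_bytes(payload)                        # percent-encoded form
    if len(data) > limit:
        raise ValueError("inline image exceeds size limit")
    return data


def vet_image_uri(uri: str, resolver=socket.getaddrinfo) -> Tuple[str, object]:
    """Route an image reference: data: is decoded under the cap, http(s) goes
    through the SSRF check, every other scheme (file:, ftp:, ...) is refused."""
    scheme = urlsplit(uri).scheme.lower()
    if scheme == "data":
        return "inline", decode_inline_image(uri)
    if scheme in ALLOWED_SCHEMES:
        return "remote", check_remote_url(uri, resolver)
    raise ValueError(f"refusing image URI scheme {scheme!r}")


# Constructed stand-in for DNS so the checks run offline; hosts and addresses are made up.
_FAKE_DNS = {"example.com": "93.184.216.34", "internal.svc": "10.0.0.5",
             "metadata": "169.254.169.254"}


def fake_resolver(host, port, *_):
    if host not in _FAKE_DNS:
        raise socket.gaierror(f"unknown host {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (_FAKE_DNS[host], port))]


def rejected(check, *args) -> bool:
    """True when check(*args) raises ValueError, i.e. the input was refused."""
    try:
        check(*args)
    except ValueError:
        return True
    return False
```

The resolver check is a point-in-time decision: a host that resolves to a public address when checked can resolve to 127.0.0.1 a moment later, so production code should pass the vetted address to the HTTP client (or pin it at the socket layer) and run the same check on every redirect hop, which is exactly where the redirect weakness in CVE-2026-47214 sits.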
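The two parsing issues above (CVE-2026-44020 and CVE-2026-44017) are the textbook cases of trusting structure inside an attacker-supplied file: a DTD in XML and entry names in a zip archive. The following is an added example of the corresponding guards, written for this page; it is not Docling or EasyOCR code and does not reproduce either project's API. The function names, the sample XML documents and the in-memory archives are constructed for illustration.

```python
"""Parse-side guards for the two remaining classes above: XXE / entity expansion
in XML and Zip Slip in archive extraction. Added example, not Docling or EasyOCR
code; function names and sample documents are constructed."""
import io
import re
import shutil
import tempfile
import xml.etree.ElementTree as ET
import zipfile
from pathlib import Path
from typing import Dict, List

_DTD_MARKERS = re.compile(rb"<!DOCTYPE\b|<!ENTITY\b")


def reject_dtd(xml_bytes: bytes) -> bytes:
    """Fail closed on any DTD. Patent XML is consumed for its element content
    only, so a DOCTYPE is never needed, and refusing it removes external entities
    (file reads, SSRF) and nested entity expansion (DoS) in one step, independent
    of how the underlying parser happens to be configured. The scan covers the
    whole document, so a marker hidden inside CDATA is refused as well."""
    if _DTD_MARKERS.search(xml_bytes):
        raise ValueError("XML with a DTD or entity declaration is not accepted")
    return xml_bytes


def parse_patent_xml(xml_bytes: bytes) -> ET.Element:
    """Gate the parser behind reject_dtd instead of trusting parser defaults."""
    return ET.fromstring(reject_dtd(xml_bytes))


def safe_extract(zf: zipfile.ZipFile, dest) -> List[Path]:
    """Zip Slip guard: prove each member's final location lies inside dest before
    anything is written. Recent zipfile.extractall silently drops '..' components
    instead of rejecting them; this fails closed, and also refuses symlink members,
    which a model archive has no legitimate reason to contain."""
    dest = Path(dest).resolve()
    written: List[Path] = []
    for info in zf.infolist():
        target = (dest / info.filename).resolve()   # absolute names replace dest entirely
        if dest not in target.parents:
            raise ValueError(f"zip entry escapes destination: {info.filename!r}")
        if (info.external_attr >> 16) & 0o170000 == 0o120000:   # S_IFLNK in the Unix mode bits
            raise ValueError(f"refusing symlink entry: {info.filename!r}")
        if info.is_dir():
            target.mkdir(parents=True, exist_ok=True)
            continue
        target.parent.mkdir(parents=True, exist_ok=True)
        with zf.open(info) as src, open(target, "wb") as dst:
            shutil.copyfileobj(src, dst)
        written.append(target)
    return written


def build_zip(entries: Dict[str, bytes]) -> zipfile.ZipFile:
    """Constructed in-memory archive; writestr keeps '..' and a leading '/' verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as out:
        for name, data in entries.items():
            out.writestr(name, data)
    buf.seek(0)
    return zipfile.ZipFile(buf)


# Constructed samples: a harmless record, a classic external-entity payload, and
# a two-level entity expansion. None of them is taken from a real patent feed.
BENIGN_XML = b'<?xml version="1.0"?><us-patent-grant><abstract>Toy record</abstract></us-patent-grant>'
XXE_XML = (b'<?xml version="1.0"?><!DOCTYPE us-patent-grant [<!ENTITY xxe SYSTEM '
           b'"file:///etc/passwd">]><us-patent-grant><abstract>&xxe;</abstract></us-patent-grant>')
LAUGHS_XML = (b'<?xml version="1.0"?><!DOCTYPE l [<!ENTITY a "aaaaaaaaaa"><!ENTITY b '
              b'"&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]><us-patent-grant>&b;</us-patent-grant>')


def rejected(check, *args) -> bool:
    """True when check(*args) raises ValueError, i.e. the input was refused."""
    try:
        check(*args)
    except ValueError:
        return True
    return False


def run_demo() -> Dict[str, object]:
    """Extract a benign model archive, then show that traversal and absolute-path
    entries are refused. Returns the outcomes so a caller can assert on them."""
    results: Dict[str, object] = {}
    with tempfile.TemporaryDirectory() as tmp:
        dest = (Path(tmp) / "models").resolve()
        good = build_zip({"craft/model.pth": b"weights", "craft/config.yaml": b"lang: en"})
        results["good"] = sorted(p.relative_to(dest).as_posix() for p in safe_extract(good, dest))
        for label, name in (("traversal", "../../../../tmp/pwned.pth"), ("absolute", "/etc/cron.d/pwned")):
            results[label] = "refused" if rejected(safe_extract, build_zip({name: b"x"}), dest) else "extracted"
    return results
```

Rejecting every DTD is deliberately stricter than configuring the parser to skip external entities: it is one line to audit, it does not depend on which XML library or version ends up underneath, and it also shuts the entity-expansion path that a "no external entities" setting alone leaves open. For the archive case the important property is the order of operations: the path is proven safe before any write, rather than discovered after the fact.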
RECOMMENDATION:
Upgrade Docling and Docling-core to the fixed releases identified in the GitHub advisories listed below. Where an upgrade cannot be applied immediately, treat the conversion host as exposed to attacker-controlled input: do not accept user-supplied URLs or server-supplied filenames without allow-listing schemes and destination hosts, disable the Playwright-based HTML rendering unless it is required, restrict outbound network access from the converter so it cannot reach internal services, and run conversion in a sandbox with a read-only filesystem and bounded memory. Review existing cache and model directories for unexpected files, since several of these issues allow writes outside the intended path.
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-jmmv-h3mp-59v8
https://github.com/advisories/GHSA-j5xp-7m2f-49jv
https://github.com/advisories/GHSA-q29v-xc37-wh5m
https://github.com/advisories/GHSA-m88r-rg27-5xfg
https://github.com/advisories/GHSA-pj2v-ggqh-cmq2
https://github.com/advisories/GHSA-cjqg-rq2h-2fvj