MEDIUM🇵🇱 Wersja polska

CVE-2026-44018

CVSS 5.5v3.1pub. 2026-06-26upd. 2026-06-27

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS archives that, when processed, could read sensitive files, exhaust system resources, or cause application crashes. This vulnerability is fixed in 2.91.0.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • Docling

    APP
    Docling
    2.45.0 – 2.91.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-47214HIGH7.1ten sam produkt

Docling simplifies document processing by parsing diverse formats and providing integrations with the generati...

CVE-2026-44016HIGH8.2ten sam produkt

Docling simplifies document processing by parsing diverse formats and providing integrations with the generati...

CVE-2026-44017HIGH7.5ten sam produkt

Docling simplifies document processing by parsing diverse formats and providing integrations with the generati...

CVE-2026-44020HIGH7.5ten sam produkt

Docling simplifies document processing by parsing diverse formats and providing integrations with the generati...

CVE-2026-44022MEDIUM5.5ten sam produkt

Docling simplifies document processing by parsing diverse formats and providing integrations with the generati...