Docling Core: Unsafe remote filename resolution
Description
Impact
In versions >= 1.5.0, < 2.74.1, docling-core did not sufficiently restrict remote request destinations and could resolve a server-provided Content-Disposition to a local path in an unsafe manner.
In applications that accept untrusted URLs, this could allow SSRF attacks targeting local files outside the user-defined cache directory.
Patches
Patched in docling-core 2.74.1. The fix adds stricter validation for remote destinations and normalizes server-provided filenames before use.
Users should upgrade to: - docling-core >= 2.74.1
Workarounds
If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality.
### References - Fix release: `v2.74.1`
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
docling-corePyPI | >= 1.5.0, < 2.74.1 | 2.74.1 |
Affected products
2- Range: >= 1.5.0, < 2.74.1
Patches
Vulnerability mechanics
References
3News mentions
1- Docling Project: Eight High-Severity Vulnerabilities Disclosed TogetherVypr Intelligence · Jun 3, 2026