VYPR
High severityNVD Advisory· Published Jun 3, 2026· Updated Jun 3, 2026

Docling: Unsafe URI and Path Handling in HTML Backend

CVE-2026-47214

Description

Impact

The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enable_local_fetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block internal network resources under enable_remote_fetch=True - HTTP redirects were not validated, potentially redirecting to unintended schemes - No resource limits for remote image downloads and data: URIs

Patches

Fixed in versions 2.91.0 (initial fixes) and 2.94.0 (additional improvements). The fixes implement: - Updated local path treatment: absolute files always blocked, relative paths require enable_local_fetch=True (default: False) and containment within configured base_path for path traversal protection - file:// scheme stripped & treated as local path (above) - IP address validation to prevent SSRF - HTTP redirect validation, connection and read timeouts - Size limit for both remote images (with streaming download) and base64-decoded data URIs

Workarounds

Keep both enable_local_fetch=False and enable_remote_fetch=False (defaults) when processing untrusted HTML documents.

### References - Initial fixes: v2.91.0 - Additional improvements: v2.94.0

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
doclingPyPI
< 2.94.02.94.0

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

1