VYPR

Docling Core

by Docling Project


CVEs (5)

  • CVE-2026-31248  High  May 11, 2026
    risk 0.49  cvss 7.5  epss 0.00

    Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks through 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring() without disabling entity resolution. An attacker can craft a malicious XML file with nested…

  • CVE-2026-31247  High  May 11, 2026
    risk 0.49  cvss 7.5  epss 0.00

    Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks through 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload (XML Bomb).…

  • CVE-2026-24009  High  Jan 22, 2026
    risk 0.46  cvss 8.1  epss 0.01

    Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0…

  • CVE-2026-44023  High  Jun 3, 2026
    risk 0.38  cvss n/a  epss 0.00

    Impact: In versions `>= 1.5.0, < 2.74.1`, `docling-core` did not sufficiently restrict remote request destinations and could resolve a server-provided `Content-Disposition` to a local path in an unsafe manner. In applications that accept untrusted URLs, this could allow SSRF…

  • CVE-2026-44019  High  Jun 3, 2026
    risk 0.38  cvss n/a  epss 0.00

    Impact: In versions `>= 2.5.0, < 2.74.1`, `docling-core` could allow local `file://` image references and accepted inline `data:` content without a decoded-size limit. In applications that accept untrusted image references, this may allow access to local files readable by…
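The two entity-expansion entries above (CVE-2026-31248 and CVE-2026-31247) describe the same parser mistake: handing attacker-controlled XML to a parser that honours DTD entity declarations. The following is an added illustration, not docling-core's code. It builds a small, constructed "billion laughs" document, shows how the default `xml.etree.ElementTree.fromstring()` materialises it, and parses with entity declarations refused instead. It uses only the standard library so it runs without lxml; if the `etree` the advisories name is lxml, the equivalent fix is to parse with `etree.XMLParser(resolve_entities=False)` and never enable `huge_tree`. Function names and the sample documents are mine.

```python
"""Entity-expansion (XML bomb) handling: vulnerable default beside a refusing parser.

Added illustration for CVE-2026-31247/31248; not docling-core's own code.
"""
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat

# Constructed sample: three nesting levels of ten references each, so the
# single "&c;" in the body expands to 1000 copies of "lol" (3000 characters)
# from well under 200 bytes of input. Real bombs use many more levels.
XML_BOMB = (
    "<!DOCTYPE bomb [\n"
    ' <!ENTITY a "' + "lol" * 10 + '">\n'
    ' <!ENTITY b "' + "&a;" * 10 + '">\n'
    ' <!ENTITY c "' + "&b;" * 10 + '">\n'
    "]>\n<article><body>&c;</body></article>"
).encode()

# Constructed benign sample; the predefined &amp; entity needs no DTD.
CLEAN = b"<article><body>hello &amp; welcome</body></article>"


def unsafe_parse(data):
    """The vulnerable pattern: the default parser expands whatever the DTD declares."""
    return ET.fromstring(data)


def safe_parse(data):
    """Parse without honouring any entity declaration.

    Drives expat directly and aborts as soon as an entity declaration or an
    external entity reference appears, so no expansion ever happens. The tree
    is assembled with the standard TreeBuilder, so callers get ordinary
    Elements back, exactly as from ET.fromstring().
    """
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def refuse(*_args):
        raise ValueError("DTD entity declarations are not allowed")

    parser.EntityDeclHandler = refuse          # internal and external <!ENTITY ...>
    parser.UnparsedEntityDeclHandler = refuse  # NDATA entities
    parser.ExternalEntityRefHandler = refuse   # the classic XXE file/URL read
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.buffer_text = True
    parser.Parse(data, True)
    return builder.close()


def rejects_entities(data):
    """True if safe_parse refuses the document because it declares entities."""
    try:
        safe_parse(data)
    except ValueError:
        return True
    return False


def expansion_ratio(data):
    """Characters of text the unsafe parser materialises per byte of input."""
    root = unsafe_parse(data)
    return len("".join(root.itertext())) / len(data)


if __name__ == "__main__":
    print(f"unsafe parser amplification: {expansion_ratio(XML_BOMB):.1f}x")
    print("safe parser rejects bomb:", rejects_entities(XML_BOMB))
    print("safe parser keeps clean input:", safe_parse(CLEAN).find("body").text)
```

Refusing at the declaration, rather than expanding and then measuring, keeps the parser's work bounded by the input size; the same hook also blocks external entity references, so the file-read and SSRF variant of XXE is closed by the same change. Note that recent expat builds cap amplification only above a multi-megabyte threshold, so a modest bomb like the one above still expands under the default parser.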
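CVE-2026-44023 and CVE-2026-44019 together describe three fetch-side checks a document loader needs once the reference comes from an untrusted party: restrict where remote requests may go, treat the server's `Content-Disposition` filename as hostile when choosing a local path, and bound inline `data:` content before decoding it. The following is an added illustration in standard-library Python, not docling-core's code; the 4 MiB cap, the function names, the injectable resolver and the sample inputs are my assumptions.

```python
"""Fetch-side hardening: destination check, Content-Disposition handling, data: cap.

Added illustration for CVE-2026-44023/44019; not docling-core's own code.
"""
import base64
import email.message
import ipaddress
import os
import re
import socket
from urllib.parse import unquote_to_bytes, urlparse

ALLOWED_SCHEMES = {"http", "https"}     # file:// and every other scheme is refused
MAX_DATA_URI_BYTES = 4 * 1024 * 1024    # assumed cap on decoded inline content


def default_resolver(host):
    """Every address a hostname resolves to (the network call tests replace)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip):
    a = ipaddress.ip_address(ip)
    return not (a.is_private or a.is_loopback or a.is_link_local
                or a.is_multicast or a.is_reserved or a.is_unspecified)


def validate_fetch_url(url, resolver=default_resolver):
    """Return the addresses a fetcher may connect to, or raise ValueError.

    Only http(s) with a host and no embedded credentials passes, and every
    address the host resolves to must be public, so loopback, RFC 1918 and
    link-local (cloud metadata) targets are refused whether written as a
    literal IP or reached through a DNS name.
    """
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("missing host")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    try:
        addrs = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:                      # not a literal address: look it up
        addrs = resolver(parts.hostname)
    if not addrs or not all(is_public_address(a) for a in addrs):
        raise ValueError(f"{parts.hostname!r} resolves to a non-public address")
    return addrs


def is_fetchable(url, resolver=default_resolver):
    return not rejects(validate_fetch_url, url, resolver)


def rejects(fn, *args, **kwargs):
    """True if fn raises ValueError for these arguments (used by the checks below)."""
    try:
        fn(*args, **kwargs)
    except ValueError:
        return True
    return False


def safe_filename(content_disposition, default_name="download"):
    """Reduce a server-supplied Content-Disposition to a bare file name.

    The header is parsed with the stdlib email parser, cut down to its last
    path component (either separator), and replaced by default_name when
    nothing usable remains.
    """
    msg = email.message.Message()
    if content_disposition:
        msg["Content-Disposition"] = content_disposition
    name = re.split(r"[\\/]", msg.get_filename() or "")[-1].strip()
    if not name or name in {".", ".."} or "\x00" in name:
        name = default_name
    return name


def safe_download_path(download_dir, content_disposition, default_name="download"):
    """Join the sanitised name to download_dir and re-check containment."""
    root = os.path.realpath(download_dir)
    path = os.path.realpath(os.path.join(root, safe_filename(content_disposition, default_name)))
    if os.path.commonpath([root, path]) != root:
        raise ValueError("filename escapes the download directory")
    return path


_DATA_URL = re.compile(r"^data:(?P<media>[^,;]*)(?P<params>(?:;[^,;]*)*),(?P<body>.*)$", re.S)


def decode_data_url(url, max_bytes=MAX_DATA_URI_BYTES):
    """Decode an inline data: URL, bounding the decoded size before decoding."""
    m = _DATA_URL.match(url)
    if not m:
        raise ValueError("not a data: URL")
    body = "".join(m.group("body").split())     # tolerate line-wrapped base64
    if "base64" in m.group("params").lower().split(";"):
        if len(body) * 3 // 4 > max_bytes:      # upper bound, computed without decoding
            raise ValueError("inline data exceeds size limit")
        data = base64.b64decode(body, validate=True)
    else:
        if len(body) > max_bytes:               # percent-decoding never grows the data
            raise ValueError("inline data exceeds size limit")
        data = unquote_to_bytes(body)
    if len(data) > max_bytes:
        raise ValueError("inline data exceeds size limit")
    return m.group("media") or "text/plain", data
```

Checking every address a name resolves to closes the obvious tricks, but a fetcher that resolves the name again when it connects can still be rebound between check and use; the robust form connects to the validated address and re-runs the check on every redirect. When testing, remember that `ipaddress` classifies the documentation ranges (192.0.2.0/24, 203.0.113.0/24) as private, so use a genuinely public address for the positive case.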