Lucene search
K

101 matches found

NVD
NVD
added 2026/07/06 9:16 a.m.9 views

CVE-2026-40047

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

9.1CVSS0.01569EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:46 a.m.5 views

CVE-2026-40047

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

5.9AI score0.01569EPSS
Exploits2References2Affected Software1
EUVD
EUVD
added 2026/07/06 7:46 a.m.5 views

EUVD-2026-41823

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

9.1CVSS5.9AI score0.01569EPSS
Exploits2References1
CVE
CVE
added 2026/07/06 7:46 a.m.17 views

CVE-2026-40047

CVE-2026-40047 concerns Apache Camel’s camel-docling: Insufficient validation of custom CLI arguments allows argument injection and path traversal in DoclingProducer. The issue arises when unvalidated values in CamelDoclingCustomArguments (or path-bearing headers) reach the external docling tool ...

9.1CVSS5.9AI score0.01569EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 7:46 a.m.35 views

CVE-2026-40047 Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

0.01569EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55881

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.18.2 Description An argument injection issue exists in the Apache Camel Docling component. The component uses java.lang.ProcessBuilder to execute the external docling command-line tool. When custom CLI...

9.1CVSS6AI score0.01569EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/07/02 5:30 a.m.11 views

CVE-2026-47214

A flaw was found in Docling, a document processing tool. Its HTML backend contained vulnerabilities related to unsafe handling of Uniform Resource Identifiers URIs and file paths. This could allow an attacker to access local files, navigate outside of intended directories path traversal, and...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/01 4:43 a.m.11 views

CVE-2026-44018

A flaw was found in Docling, a tool for document processing. The METS-GBS backend, responsible for parsing XML and detecting document formats, lacked sufficient security controls. This allowed an attacker to create specially crafted METS-GBS archives. When these archives were processed, they coul...

7.1CVSS5.8AI score0.00113EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2026-47214

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS0.00217EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 3:45 p.m.3 views

CVE-2026-47214 Docling: Unsafe URI and Path Handling in HTML Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS5.9AI score0.00217EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 3:45 p.m.41 views

CVE-2026-47214 Docling: Unsafe URI and Path Handling in HTML Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS0.00217EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:45 p.m.8 views

CVE-2026-47214

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/26 3:45 p.m.39 views

CVE-2026-47214

CVE-2026-47214 affects Docling’s HTML backend, where unsafe URI and path handling existed prior to version 2.94.0. The vulnerability enables potential local file access via file:// URIs, directory traversal through ../ sequences or absolute paths, and access to internal network resources when ena...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 7:15 p.m.6 views

CVE-2026-44016

A flaw was found in Docling. If the HTML backend is explicitly configured for rendering, a remote attacker could exploit a vulnerability in the Playwright-based rendering feature by crafting malicious HTML documents. This could allow the attacker to execute arbitrary JavaScript or make unauthoriz...

8.2CVSS6.3AI score0.00384EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/25 7:15 p.m.10 views

CVE-2026-44020

A flaw was found in docling. An attacker could exploit an XML External Entity XXE vulnerability in the USPTO patent XML parser by crafting malicious XML files. This could allow the attacker to read arbitrary files from the server's filesystem, perform Server-Side Request Forgery SSRF attacks, or...

9.4CVSS5.9AI score0.00334EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 7:14 p.m.6 views

CVE-2026-44017

A flaw was found in Docling. The EasyOCR model download functionality improperly extracts ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker compromises the model download source e.g., via a supply chain or Man-in-the-Middle MITM attack, they could write...

8.3CVSS6.3AI score0.00478EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 6:17 p.m.10 views

CVE-2026-44020

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

9.4CVSS0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:48 p.m.30 views

CVE-2026-44017 Docling: Unsafe Zip Extraction in EasyOCR Model Download

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...

7.5CVSS0.00478EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 5:48 p.m.7 views

CVE-2026-44017 Docling: Unsafe Zip Extraction in EasyOCR Model Download

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...

7.5CVSS6.7AI score0.00478EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 5:48 p.m.50 views

CVE-2026-44017

CVE-2026-44017 concerns Docling’s EasyOCR model download: prior to 2.91.0, ZIP archives were extracted without validating member paths, enabling Zip Slip path traversal. An attacker who could supply or intercept the model source could overwrite files anywhere writable by the process, potentially ...

8.3CVSS6.7AI score0.00478EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder