Lucene search
K

105 matches found

RedhatCVE
RedhatCVE
added 2026/07/08 5:46 a.m.5 views

CVE-2026-40047

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

9.1CVSS5.9AI score0.01569EPSS
Exploits2References4
OSV
OSV
added 2026/07/07 4:3 p.m.7 views

PYSEC-2026-1313 docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage

Impact A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core =2.21.0, 2.48.4 and, specifically only if the application uses pyyaml 5.4 and invokes doclingcore.types.doc.DoclingDocument.loadfromyaml passing it untrusted YAML data. Patches The...

8.1CVSS7.5AI score0.01376EPSS
Exploits1References9
NVD
NVD
added 2026/07/06 9:16 a.m.9 views

CVE-2026-40047

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

9.1CVSS0.01569EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/07/06 7:46 a.m.35 views

CVE-2026-40047 Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

0.01569EPSS
Exploits2References1
CVE
CVE
added 2026/07/06 7:46 a.m.18 views

CVE-2026-40047

CVE-2026-40047 concerns Apache Camel’s camel-docling: Insufficient validation of custom CLI arguments allows argument injection and path traversal in DoclingProducer. The issue arises when unvalidated values in CamelDoclingCustomArguments (or path-bearing headers) reach the external docling tool ...

9.1CVSS5.9AI score0.01569EPSS
Exploits2References2Affected Software1
EUVD
EUVD
added 2026/07/06 7:46 a.m.7 views

EUVD-2026-41823

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

9.1CVSS5.9AI score0.01569EPSS
Exploits2References1
OSV
OSV
added 2026/07/06 7:46 a.m.5 views

CVE-2026-40047 Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

9.1CVSS6.1AI score0.01569EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:46 a.m.5 views

CVE-2026-40047

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

5.9AI score0.01569EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55881

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.18.2 Description An argument injection issue exists in the Apache Camel Docling component. The component uses java.lang.ProcessBuilder to execute the external docling command-line tool. When custom CLI...

9.1CVSS6AI score0.01569EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/07/02 5:30 a.m.12 views

CVE-2026-47214

A flaw was found in Docling, a document processing tool. Its HTML backend contained vulnerabilities related to unsafe handling of Uniform Resource Identifiers URIs and file paths. This could allow an attacker to access local files, navigate outside of intended directories path traversal, and...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/01 4:43 a.m.12 views

CVE-2026-44018

A flaw was found in Docling, a tool for document processing. The METS-GBS backend, responsible for parsing XML and detecting document formats, lacked sufficient security controls. This allowed an attacker to create specially crafted METS-GBS archives. When these archives were processed, they coul...

7.1CVSS5.8AI score0.00113EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2026-47214

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS0.00217EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:45 p.m.8 views

CVE-2026-47214

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/26 3:45 p.m.40 views

CVE-2026-47214

CVE-2026-47214 affects Docling’s HTML backend, where unsafe URI and path handling existed prior to version 2.94.0. The vulnerability enables potential local file access via file:// URIs, directory traversal through ../ sequences or absolute paths, and access to internal network resources when ena...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 3:45 p.m.41 views

CVE-2026-47214 Docling: Unsafe URI and Path Handling in HTML Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS0.00217EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 3:45 p.m.4 views

CVE-2026-47214 Docling: Unsafe URI and Path Handling in HTML Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS5.9AI score0.00217EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 7:15 p.m.6 views

CVE-2026-44016

A flaw was found in Docling. If the HTML backend is explicitly configured for rendering, a remote attacker could exploit a vulnerability in the Playwright-based rendering feature by crafting malicious HTML documents. This could allow the attacker to execute arbitrary JavaScript or make unauthoriz...

8.2CVSS6.3AI score0.00384EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/25 7:15 p.m.10 views

CVE-2026-44020

A flaw was found in docling. An attacker could exploit an XML External Entity XXE vulnerability in the USPTO patent XML parser by crafting malicious XML files. This could allow the attacker to read arbitrary files from the server's filesystem, perform Server-Side Request Forgery SSRF attacks, or...

9.4CVSS5.9AI score0.00334EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 7:14 p.m.6 views

CVE-2026-44017

A flaw was found in Docling. The EasyOCR model download functionality improperly extracts ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker compromises the model download source e.g., via a supply chain or Man-in-the-Middle MITM attack, they could write...

8.3CVSS6.3AI score0.00478EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 6:17 p.m.13 views

CVE-2026-44020

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

9.4CVSS0.00334EPSS
Exploits0References4
Rows per page
Query Builder