CVE-2026-44017

CVE-2026-44017 concerns Docling’s EasyOCR model download: prior to 2.91.0, ZIP archives were extracted without validating member paths, enabling Zip Slip path traversal. An attacker who could supply or intercept the model source could overwrite files anywhere writable by the process, potentially ...

CVE-2026-44022

Docling’s LaTeX backend (versions 2.73.0–2.91.0) fails to validate path containment for includegraphics, input, and include commands, enabling path traversal to read arbitrary files accessible to the process and potentially embed sensitive data in converted output. The root cause is insufficient ...

CVE-2026-44016 Docling: Unsafe Playwright-based HTML Rendering

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...

CVE-2026-44016

Docling (Python SDK) versions 2.82.0–2.90.x are affected when the HTML backend is explicitly enabled for rendering. The Playwright-based rendering had a vulnerability that could allow JavaScript execution and unrestricted network access in the rendering context for untrusted HTML, enabling potent...

CVE-2026-55447

Langflow’s BaseFileComponent family (including Read File, DoclingInlineComponent, DoclingServe, DoclingRemoteComponent, NvidiaIngestComponent, VideoFileComponent, UnstructuredComponent) is affected by CVE-2026-55447. The underlying issue is in base_file.py: _unpack_bundle TAR extraction does not ...

CVE-2026-55447 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

data-prep-toolkit-transforms (>=0.2.1.dev0 <=0.2.1.dev2), data-prep-toolkit-transforms-ray (>=0.2.1.dev0 <=0.2.1.dev2) +14 more potentially affected by CVE-2026-44023 via docling-core (>=1.7.2 <=2.74.0)

docling-core PYPI version =1.7.2, =0.2.1.dev0, =0.2.1.dev0, =1.0.0, =1.0.0, =0.19.2, =0.14.1, =0.4.0, =0.2.0, =0.0.1, =0.4.1 - resume-ats =0.1.0 - smart-pdf-for-business =1.0.0 and more Source cves: CVE-2026-44023 Source advisory: SNYK:PYTHON-DOCLINGCORE-17151724...

data-prep-toolkit-transforms (>=0.2.1.dev0 <=0.2.1.dev2), data-prep-toolkit-transforms-ray (>=0.2.1.dev0 <=0.2.1.dev2) +14 more potentially affected by CVE-2026-44023 via docling-core (>=1.7.2 <=2.74.0)

docling-core PYPI version =1.7.2, =0.2.1.dev0, =0.2.1.dev0, =1.0.0, =1.0.0, =0.19.2, =0.14.1, =0.4.0, =0.2.0, =0.0.1, =0.4.1 - resume-ats =0.1.0 - smart-pdf-for-business =1.0.0 and more Source cves: CVE-2026-44023 Source advisory: OSV:GHSA-JMMV-H3MP-59V8...

Server-side Request Forgery (SSRF)

Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the resolveremotefilename function, which processes headers from remote requests. An attacker can access sensitive fil...

GHSA-JMMV-H3MP-59V8 Docling Core: Unsafe remote filename resolution

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

Docling Core: Unsafe remote filename resolution

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

haiku-rag (>=0.27.0 <=0.44.0), haiku-rag-slim (>=0.27.0 <=0.44.0) +3 more potentially affected by CVE-2026-44019 via docling-core (>=2.60.1 <=2.74.0)

docling-core PYPI version =2.60.1, =0.27.0, =0.27.0, =0.2.0, =0.42.0, =0.65.0 Source cves: CVE-2026-44019 Source advisory: OSV:GHSA-J5XP-7M2F-49JV...

haiku-rag (>=0.27.0 <=0.44.0), haiku-rag-slim (>=0.27.0 <=0.44.0) +3 more potentially affected by CVE-2026-44019 via docling-core (>=2.60.1 <=2.74.0)

docling-core PYPI version =2.60.1, =0.27.0, =0.27.0, =0.2.0, =0.42.0, =0.65.0 Source cves: CVE-2026-44019 Source advisory: SNYK:PYTHON-DOCLINGCORE-17151737...

External Control of File Name or Path

Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to External Control of File Name or Path in the pilimage function, when handling image reference URIs. An attacker can access local files using the file://...

Docling Core: Insufficient validation of image reference URIs

Impact In versions = 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers References - Fix release: v2.74....

askbase (>=1.0.0 <=1.0.2), auto-survey (>=0.1.0 <=0.2.4) +30 more potentially affected by CVE-2026-47214 via docling (>=1.11.0 <=2.93.0)

docling PYPI version =1.11.0, =1.0.0, =0.1.0, =0.2.1, =0.2.1.dev0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =1.0.13 and more Source cves: CVE-2026-47214 Source advisory: OSV:GHSA-Q29V-XC37-WH5M...

askbase (>=1.0.0 <=1.0.2), auto-survey (>=0.1.0 <=0.2.4) +26 more potentially affected by CVE-2026-47214 via docling (>=2.10.0 <=2.93.0)

docling PYPI version =2.10.0, =1.0.0, =0.1.0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =0.4.0, =4.0.2 - mellea =0.0.1 and more Source cves: CVE-2026-47214 Source advisory: SNYK:PYTHON-DOCLING-17151773...

External Control of File Name or Path

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to External Control of File Name or Path in backend/htmlbackend.py‎, which ...

auto-survey (>=0.1.0 <=0.2.4), gptparse (=0.3.0) +5 more potentially affected by CVE-2026-44022 via docling (>=2.73.1 <=2.90.0)

docling PYPI version =2.73.1, =0.1.0, =0.30.1, =0.6.2, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2026-44022 Source advisory: SNYK:PYTHON-DOCLING-17151834...

auto-survey (>=0.1.0 <=0.2.4), gptparse (=0.3.0) +5 more potentially affected by CVE-2026-44022 via docling (>=2.73.1 <=2.90.0)

docling PYPI version =2.73.1, =0.1.0, =0.30.1, =0.6.2, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2026-44022 Source advisory: OSV:GHSA-2J5P-7P5M-CVQR...