data-prep-toolkit-transforms (>=0.2.1.dev0 <=0.2.1.dev2), data-prep-toolkit-transforms-ray (>=0.2.1.dev0 <=0.2.1.dev2) +14 more potentially affected by CVE-2026-44023 via docling-core (>=1.7.2 <=2.74.0)

docling-core PYPI version =1.7.2, =0.2.1.dev0, =0.2.1.dev0, =1.0.0, =1.0.0, =0.19.2, =0.14.1, =0.4.0, =0.2.0, =0.0.1, =0.4.1 - resume-ats =0.1.0 - smart-pdf-for-business =1.0.0 and more Source cves: CVE-2026-44023 Source advisory: SNYK:PYTHON-DOCLINGCORE-17151724...

data-prep-toolkit-transforms (>=0.2.1.dev0 <=0.2.1.dev2), data-prep-toolkit-transforms-ray (>=0.2.1.dev0 <=0.2.1.dev2) +14 more potentially affected by CVE-2026-44023 via docling-core (>=1.7.2 <=2.74.0)

docling-core PYPI version =1.7.2, =0.2.1.dev0, =0.2.1.dev0, =1.0.0, =1.0.0, =0.19.2, =0.14.1, =0.4.0, =0.2.0, =0.0.1, =0.4.1 - resume-ats =0.1.0 - smart-pdf-for-business =1.0.0 and more Source cves: CVE-2026-44023 Source advisory: OSV:GHSA-JMMV-H3MP-59V8...

Docling Core: Unsafe remote filename resolution

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

GHSA-JMMV-H3MP-59V8 Docling Core: Unsafe remote filename resolution

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

Server-side Request Forgery (SSRF)

Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the resolveremotefilename function, which processes headers from remote requests. An attacker can access sensitive fil...

haiku-rag (>=0.27.0 <=0.44.0), haiku-rag-slim (>=0.27.0 <=0.44.0) +3 more potentially affected by CVE-2026-44019 via docling-core (>=2.60.1 <=2.74.0)

docling-core PYPI version =2.60.1, =0.27.0, =0.27.0, =0.2.0, =0.42.0, =0.65.0 Source cves: CVE-2026-44019 Source advisory: OSV:GHSA-J5XP-7M2F-49JV...

haiku-rag (>=0.27.0 <=0.44.0), haiku-rag-slim (>=0.27.0 <=0.44.0) +3 more potentially affected by CVE-2026-44019 via docling-core (>=2.60.1 <=2.74.0)

docling-core PYPI version =2.60.1, =0.27.0, =0.27.0, =0.2.0, =0.42.0, =0.65.0 Source cves: CVE-2026-44019 Source advisory: SNYK:PYTHON-DOCLINGCORE-17151737...

Docling Core: Insufficient validation of image reference URIs

Impact In versions = 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers References - Fix release: v2.74....

External Control of File Name or Path

Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to External Control of File Name or Path in the pilimage function, when handling image reference URIs. An attacker can access local files using the file://...

PT-2026-46123

Name of the Vulnerable Software and Affected Versions docling-core versions 1.5.0 through 2.74.0 Description The software does not sufficiently restrict remote request destinations and can resolve a server-provided Content-Disposition to a local path in an unsafe manner. In applications that acce...

PT-2026-45850

Name of the Vulnerable Software and Affected Versions docling-core versions 2.5.0 through 2.74.0 Description Insufficient input sanitization when processing specific documents allows for path traversal, enabling remote attackers to read arbitrary files from the host server. The software allows...

Exploit for CVE-2026-24009

docling-core-CVE-2026-24009 T...

CVE-2026-24009

Docling Core or docling-core is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...

io4it (=3.0.4.1) potentially affected by CVE-2026-24009 via docling-core (=2.26.3)

docling-core PYPI version =2.26.3 is affected by a known vulnerability. The following packages have a transitive dependency on docling-core and may be impacted: - io4it =3.0.4.1 Source cves: CVE-2026-24009 Source advisory: OSV:GHSA-VQXF-V2GG-X3HC...

io4it (=3.0.4.1) potentially affected by CVE-2020-14343 +1 more via docling-core (=2.26.3)

docling-core PYPI version =2.26.3 is affected by a known vulnerability. The following packages have a transitive dependency on docling-core and may be impacted: - io4it =3.0.4.1 Source cves: CVE-2020-14343, CVE-2026-24009 Source advisory: SNYK:PYTHON-DOCLINGCORE-15091522...

GHSA-VQXF-V2GG-X3HC docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage

Impact A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core =2.21.0, 2.48.4 and, specifically only if the application uses pyyaml 5.4 and invokes doclingcore.types.doc.DoclingDocument.loadfromyaml passing it untrusted YAML data. Patches The...

docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage

Impact A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core =2.21.0, 2.48.4 and, specifically only if the application uses pyyaml 5.4 and invokes doclingcore.types.doc.DoclingDocument.loadfromyaml passing it untrusted YAML data. Patches The...

CVE-2026-24009

Docling Core or docling-core is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...

CVE-2026-24009

Docling Core or docling-core is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...

EUVD-2026-3807

Docling Core or docling-core is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...