2 matches found
CVE-2026-44022
Docling’s LaTeX backend (versions 2.73.0–2.91.0) fails to validate path containment for includegraphics, input, and include commands, enabling path traversal to read arbitrary files accessible to the process and potentially embed sensitive data in converted output. The root cause is insufficient ...
CVE-2026-44022 Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicio...