2 matches found
Deserialization of Untrusted Data
Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the loadfromyaml function. An attacker can execute arbitrary code by providing malicious YAML input to the...
CVE-2026-24009 Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage
Docling Core or docling-core is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...