Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/07/01 4:43 a.m.12 views

CVE-2026-44018

A flaw was found in Docling, a tool for document processing. The METS-GBS backend, responsible for parsing XML and detecting document formats, lacked sufficient security controls. This allowed an attacker to create specially crafted METS-GBS archives. When these archives were processed, they coul...

7.1CVSS5.8AI score0.00113EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:40 p.m.6 views

CVE-2026-44018

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/26 3:40 p.m.3 views

CVE-2026-44018 Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

5.5CVSS6AI score0.00113EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/03 9:13 p.m.13 views

XML External Entity Injection

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to XML External Entity Injection in the METS-GBS backend's XML parsing and...

7.1CVSS5.5AI score0.00113EPSS
Exploits0References4
Rows per page
Query Builder