CVE-2026-24009
CVE-2026-24009: Docling Core contains a PyYAML deserialization flaw enabling RCE in versions 2.21.0–2.48.3 when untrusted YAML is loaded via docling_core.types.doc.DoclingDocument.load_from_yaml() with PyYAML = 5.4. Severity data indicate high risk (CVSSv3.1: HIGH/CRITICAL depending on metric; ne...