Description
Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version 2.48.4, specifically only if the application uses pyyaml prior to version 5.4 and invokes `docling_core.types.doc.DoclingDocument.load_from_yaml()` passing it untrusted YAML data. The vulnerability has been patched in docling-core version 2.48.4. The fix mitigates the issue by switching `PyYAML` deserialization from `yaml.FullLoader` to `yaml.SafeLoader`, ensuring that untrusted data cannot trigger code execution. Users who cannot immediately upgrade docling-core can alternatively ensure that the installed version of PyYAML is 5.4 or greater.
Published: 2026-01-22
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from Docling Core's use of PyYAML's FullLoader to deserialize user-supplied YAML documents. On PyYAML releases before 5.4, FullLoader still honoured Python-specific tags such as `!!python/object/new`, the gadget behind CVE-2020-14343, so a YAML document handed to `load_from_yaml()` could name arbitrary Python classes and have them instantiated with attacker-chosen arguments during parsing, leading to remote code execution. The issue is classified as CWE-502: Deserialization of Untrusted Data. Successful exploitation runs arbitrary code with the privileges of the process that parses the document. PyYAML 5.4 and later close this path even when FullLoader is used, which is why the advisory lists the PyYAML version as a second precondition.

Affected Systems

The affected product is Docling Core, maintained by the docling-project as part of the Docling document processing ecosystem. Vulnerable versions span from 2.21.0 up to, but not including, 2.48.4. Systems running any of these releases that pass external YAML to the `load_from_yaml()` method are susceptible, provided the same environment also carries PyYAML older than 5.4; both conditions must hold.

Risk and Exploitability

The CVSS 3.1 score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) reflects high severity; the AC:H component is consistent with the precondition that the target also runs an outdated PyYAML. The EPSS score indicates very low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is nonetheless remote and requires no authentication wherever the application parses attacker-supplied YAML, for example through an open API or upload endpoint. The patch replaces FullLoader with SafeLoader, which rejects Python-specific tags outright and so eliminates the unsafe deserialization path regardless of the installed PyYAML version.

Generated by OpenCVE AI on April 18, 2026 at 03:46 UTC.

Remediation

Fixed in docling-core 2.48.4, which switches `yaml.FullLoader` to `yaml.SafeLoader`. Workaround where upgrading is not yet possible: ensure the installed PyYAML is 5.4 or later.

OpenCVE Recommended Actions

  • Upgrade docling-core to version 2.48.4 or later, which switches PyYAML deserialization to SafeLoader.
  • If upgrading is not immediately possible, ensure the installed PyYAML library is version 5.4 or higher, the release that fixed the `python/object/new` gadget of CVE-2020-14343 in FullLoader.
  • Treat YAML from outside the trust boundary as untrusted: restrict `load_from_yaml()` to files you control, and where external YAML must be accepted, reject documents carrying `!!python/` tags before they reach the loader.
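
Added example (Python), not docling-core's own code, illustrating the impact analysis and the recommended actions above: the pre-2.48.4 loading shape beside the hardened SafeLoader form, a check that the installed PyYAML carries the 5.4 fix, and a text scan for the `!!python/` tags a CVE-2020-14343 payload must carry. The payload, document field names and function names are constructed for this example; only `yaml.FullLoader`, `yaml.SafeLoader` and the gadget tag come from the advisory.

```python
"""Added example, not docling-core's own code: vulnerable vs. hardened YAML
loading for CVE-2026-24009, plus the two checks a deployment can run."""
import re

try:
    import yaml  # PyYAML
except ImportError:  # the tag scan and version check still work without it
    yaml = None

# Constructed payload in the CVE-2020-14343 gadget shape. On PyYAML < 5.4,
# FullLoader honours this tag and instantiates the named class with the
# attacker's arguments while parsing. Field names are made up for the example.
MALICIOUS_YAML = """\
schema_name: DoclingDocument
name: report
body: !!python/object/new:subprocess.Popen
  args: [[id]]
"""

# Constructed benign document of the same shape.
BENIGN_YAML = """\
schema_name: DoclingDocument
version: 1.0.0
name: report
"""

# PyYAML's Python-specific tags, in both short (!!) and long (tag:) form.
# Only FullLoader/UnsafeLoader ever construct these; SafeLoader never does.
PYTHON_TAG = re.compile(
    r"(?:!!|tag:yaml\.org,2002:)python/(?:object(?:/new|/apply)?|name|module)\b"
)


def pyyaml_available() -> bool:
    return yaml is not None


def load_legacy(text: str):
    """Pre-2.48.4 shape: FullLoader. Exploitable on PyYAML < 5.4.
    Kept for contrast only; never call it on untrusted input."""
    return yaml.load(text, Loader=yaml.FullLoader)


def load_hardened(text: str):
    """The 2.48.4 fix: SafeLoader. Unknown tags, including every
    !!python/* tag, raise yaml.constructor.ConstructorError instead of
    constructing anything, whatever the PyYAML version."""
    return yaml.load(text, Loader=yaml.SafeLoader)


def is_rejected(text: str) -> bool:
    """True when the hardened loader refuses the document."""
    try:
        load_hardened(text)
    except yaml.YAMLError:  # ConstructorError is a YAMLError subclass
        return True
    return False


def find_python_tags(text: str) -> list:
    """Pre-load scan for the tags a CVE-2020-14343 payload must carry.
    A detection aid for upload filters and logs, not a substitute for
    SafeLoader: a custom %TAG handle can spell the same tag differently."""
    return PYTHON_TAG.findall(text)


def pyyaml_at_least(version: str, minimum=(5, 4)) -> bool:
    """Compare a PyYAML version string (e.g. yaml.__version__) with 5.4,
    the release that fixed CVE-2020-14343 and is the advisory's workaround."""
    parts = []
    for piece in version.split(".")[:2]:
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    while len(parts) < 2:
        parts.append(0)
    return tuple(parts) >= minimum


if __name__ == "__main__":
    print("python tags in payload:", find_python_tags(MALICIOUS_YAML))
    if pyyaml_available():
        print("PyYAML", yaml.__version__, "has 5.4 fix:",
              pyyaml_at_least(yaml.__version__))
        print("SafeLoader rejects payload:", is_rejected(MALICIOUS_YAML))
        print("SafeLoader parses benign doc:", load_hardened(BENIGN_YAML))
```

The tag scan is deliberately the weaker control: it tells you a document is hostile before it is parsed, which is useful for alerting, but only the SafeLoader change (or PyYAML 5.4+) actually removes the code-execution path.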

Advisories
Source        ID                    Title
Github GHSA   GHSA-vqxf-v2gg-x3hc   docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage
History

Thu, 09 Apr 2026 14:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Docling
                                      Docling docling-core
CPEs                                  cpe:2.3:a:docling:docling-core:*:*:*:*:*:python:*:*
Vendors & Products                    Docling
                                      Docling docling-core

Fri, 23 Jan 2026 16:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Docling-project
                                      Docling-project docling-core
Vendors & Products                    Docling-project
                                      Docling-project docling-core

Thu, 22 Jan 2026 16:15:00 +0000

Type                 Values Removed   Values Added
Metrics                               ssvc
                                      {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 22 Jan 2026 15:30:00 +0000

Type                 Values Removed   Values Added
Description                           Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version 2.48.4, specifically only if the application uses pyyaml prior to version 5.4 and invokes `docling_core.types.doc.DoclingDocument.load_from_yaml()` passing it untrusted YAML data. The vulnerability has been patched in docling-core version 2.48.4. The fix mitigates the issue by switching `PyYAML` deserialization from `yaml.FullLoader` to `yaml.SafeLoader`, ensuring that untrusted data cannot trigger code execution. Users who cannot immediately upgrade docling-core can alternatively ensure that the installed version of PyYAML is 5.4 or greater.
Title                                 Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage
Weaknesses                            CWE-502
References
Metrics                               cvssV3_1
                                      {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-22T15:59:19.883Z

Reserved: 2026-01-19T18:49:20.660Z

Link: CVE-2026-24009

Vulnrichment

Updated: 2026-01-22T15:59:17.336Z

NVD

Status : Analyzed

Published: 2026-01-22T16:16:09.320

Modified: 2026-04-09T14:25:51.167

Link: CVE-2026-24009

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T04:00:08Z

Weaknesses