Description
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly configured for rendering (rendering option by default deactivated), then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An attacker could craft malicious HTML that executes arbitrary JavaScript in the rendering context or makes unauthorized network requests to internal services, potentially leading to SSRF attacks, data exfiltration, or remote code execution in the rendering environment. This vulnerability is fixed in 2.91.0.
Published: 2026-06-24
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Docling versions 2.82.0 to less than 2.91.0 expose a Playwright‑based HTML rendering component that, when explicitly enabled, can execute JavaScript contained in untrusted HTML and perform unrestricted network calls. An attacker who supplies crafted HTML could trigger arbitrary code execution in the rendering process or make unauthorized requests to internal services, leading to SSRF, data exfiltration, or remote code execution.

Affected Systems

The affected software is the docling project’s docling package, specifically versions 2.82.0 through 2.90.x inclusive. No other products or vendors are listed.

Risk and Exploitability

The CVSS score is 8.2, indicating a high severity. EPSS information is not available, and the vulnerability is not listed in CISA KEV. The attack would likely occur when an application incorporating Docling receives or processes untrusted HTML. The vulnerability can be leveraged by an attacker who can influence the input that the rendering backend processes, thereby executing JavaScript in the rendering context or initiating network requests to internal services.

Generated by OpenCVE AI on June 24, 2026 at 20:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to docling version 2.91.0 or later where the issue is resolved.
  • If an upgrade is not immediately possible, disable the rendering option for all untrusted HTML input and ensure that the rendering feature remains turned off until a patch is applied.
  • Avoid feeding external or user‑supplied HTML to the rendering component; instead, sanitize or reject HTML that could contain scripts before rendering.

Generated by OpenCVE AI on June 24, 2026 at 20:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-pj2v-ggqh-cmq2 Docling: Unsafe Playwright-based HTML Rendering
History

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Thu, 25 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Docling-project
Docling-project docling
Vendors & Products Docling-project
Docling-project docling

Wed, 24 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly configured for rendering (rendering option by default deactivated), then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An attacker could craft malicious HTML that executes arbitrary JavaScript in the rendering context or makes unauthorized network requests to internal services, potentially leading to SSRF attacks, data exfiltration, or remote code execution in the rendering environment. This vulnerability is fixed in 2.91.0.
Title Docling: Unsafe Playwright-based HTML Rendering
Weaknesses CWE-918
CWE-94
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L'}


Subscriptions

Docling-project Docling
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-15T00:55:00.452Z

Reserved: 2026-05-04T21:24:36.506Z

Link: CVE-2026-44016

cve-icon Vulnrichment

Updated: 2026-07-15T00:55:00.452Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-24T17:42:42Z

Links: CVE-2026-44016 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T06:15:15Z

Weaknesses
  • CWE-918

    Server-Side Request Forgery (SSRF)

  • CWE-94

    Improper Control of Generation of Code ('Code Injection')