Description
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source (via supply chain attack, DNS spoofing, or MITM), they could write arbitrary files to any location writable by the process, potentially achieving remote code execution by overwriting Python files or system binaries, persistent backdoors by modifying startup scripts or SSH keys, and data corruption or system compromise. This vulnerability is fixed in 2.91.0.
Published: 2026-06-24
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to exploit Zip Slip during the EasyOCR model download process in Docling. Extracting ZIP archives without validating member paths permits the creation of arbitrary file paths, enabling the attacker to write files to any writable location. By overwriting executable Python modules or critical system binaries, the attacker could gain remote code execution, deploy persistent backdoors through startup scripts or SSH keys, and corrupt or compromise system data.

Affected Systems

The affected product is Docling from the docling-project. All releases prior to v2.91.0 are vulnerable; upgrades to version 2.91.0 or later contain the fix.

Risk and Exploitability

The CVSS score of 7.5 indicates a high impact if exploited. EPSS data is not available, so the current probability of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to compromise the model download source—through supply‑chain tampering, DNS spoofing, or a man‑in‑the‑middle attack—so that a malicious ZIP archive can be served. Once such a ZIP is processed, the attacker can write arbitrary files to any location writable by the running process, potentially achieving remote code execution or persistent footholds.

Generated by OpenCVE AI on June 24, 2026 at 20:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Docling to version 2.91.0 or later, which implements proper path validation during ZIP extraction.
  • If an upgrade cannot be performed immediately, restrict the write permissions of the model download directory so that only trusted system accounts can modify its contents.
  • Ensure that the source of EasyOCR models is authenticated, for example by verifying digital signatures or pulling from a secure, controlled repository, to prevent supply‑chain attacks.

Generated by OpenCVE AI on June 24, 2026 at 20:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-cjqg-rq2h-2fvj Docling: Unsafe Zip Extraction in EasyOCR Model Download
History

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Thu, 25 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Docling-project
Docling-project docling
Vendors & Products Docling-project
Docling-project docling

Wed, 24 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source (via supply chain attack, DNS spoofing, or MITM), they could write arbitrary files to any location writable by the process, potentially achieving remote code execution by overwriting Python files or system binaries, persistent backdoors by modifying startup scripts or SSH keys, and data corruption or system compromise. This vulnerability is fixed in 2.91.0.
Title Docling: Unsafe Zip Extraction in EasyOCR Model Download
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Subscriptions

Docling-project Docling
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-15T00:54:58.207Z

Reserved: 2026-05-04T21:24:36.506Z

Link: CVE-2026-44017

cve-icon Vulnrichment

Updated: 2026-06-30T03:17:26.421Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-24T17:48:46Z

Links: CVE-2026-44017 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T07:45:05Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')