Impact
The vulnerability allows an attacker to exploit Zip Slip during the EasyOCR model download process in Docling. Extracting ZIP archives without validating member paths permits the creation of arbitrary file paths, enabling the attacker to write files to any writable location. By overwriting executable Python modules or critical system binaries, the attacker could gain remote code execution, deploy persistent backdoors through startup scripts or SSH keys, and corrupt or compromise system data.
Affected Systems
The affected product is Docling from the docling-project. All releases prior to v2.91.0 are vulnerable; upgrades to version 2.91.0 or later contain the fix.
Risk and Exploitability
The CVSS score of 7.5 indicates a high impact if exploited. EPSS data is not available, so the current probability of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to compromise the model download source—through supply‑chain tampering, DNS spoofing, or a man‑in‑the‑middle attack—so that a malicious ZIP archive can be served. Once such a ZIP is processed, the attacker can write arbitrary files to any location writable by the running process, potentially achieving remote code execution or persistent footholds.
OpenCVE Enrichment
Github GHSA