CVE-2026-44018 - Vulnerability Details

- Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

Description

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS archives that, when processed, could read sensitive files, exhaust system resources, or cause application crashes. This vulnerability is fixed in 2.91.0.

Published: 2026-06-26

Score: 5.5 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises from unsafe extraction of archives and XML parsing in Docling’s METS-GBS backend. Security checks that should validate archive contents and XML structure are missing, allowing an attacker to craft a malicious METS-GBS archive that, when processed, can cause the application to read arbitrary files on the host, consume excessive CPU or memory resources, or crash. The consequences are sensitive data exposure and denial of service for legitimate users.

Affected Systems

Affects docling-project’s Docling application versions 2.45.0 through 2.90.x; the fix was introduced in 2.91.0. Systems that expose the METS-GBS ingestion endpoint are at risk and should use the patched release.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity; no EPSS data is available and the vulnerability is not listed in CISA KEV. Attackers can exploit the flaw remotely by submitting crafted METS-GBS archives to the ingestion component. Because the issue involves insufficient input validation, the risk can be mitigated by applying the official patch or restricting upload sources.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

docling-project

docling

affected

Version	Status	Constraints
`>= 2.45.0, < 2.91.0`	affected	—

No data.

Vendor Product Confidence Versions

Docling-project

Docling

100%

Version	Status	Scheme	Platform
`[2.45.0,2.91.0)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to Docling 2.91.0 or later.
If an immediate upgrade is not possible, block or monitor ingestion of METS-GBS archives from untrusted sources.
Validate archive contents before extraction and enforce strict file path restrictions in the METS-GBS backend; apply defensive checks consistent with the weakness types CWE-409, CWE-611, and CWE-776.

Generated by OpenCVE AI on June 26, 2026 at 17:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-r3xg-rg9j-67fv	Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/docling-project/docling/releases/tag/v2.91.0
https://github.com/docling-project/docling/security/advisories/GHSA-r3xg-rg9j-67fv

History

Fri, 26 Jun 2026 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Docling-project Docling-project docling
Vendors & Products		Docling-project Docling-project docling

Fri, 26 Jun 2026 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 26 Jun 2026 16:00:00 +0000

Type	Values Removed	Values Added
Description		Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS archives that, when processed, could read sensitive files, exhaust system resources, or cause application crashes. This vulnerability is fixed in 2.91.0.
Title		Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend
Weaknesses		CWE-409 CWE-611 CWE-776
References		https://github.com/docling-project/docling/releases/tag/v2.91.0 https://github.com/docling-project/docling/security/advisories/GHSA-r3xg-rg9j-67fv
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Subscriptions

Docling-project Docling

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-06-26T15:40:42.422Z

Updated: 2026-06-26T19:13:39.619Z

Reserved: 2026-05-04T21:24:36.506Z

Link: CVE-2026-44018

Vulnrichment

Updated: 2026-06-26T19:10:35.512Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T22:45:05Z

Weaknesses

CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CWE-611
Improper Restriction of XML External Entity Reference
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object